Anyone remember the "ten f...ing days" story? web.archive.org/web/2015010223… We just provided a security update in less than 18 hours from report to release. mozilla.org/en-US/security…

blog.mozilla.org/security/2024/…

.@freddyb will be at #Offensivecon24 in Berlin. Let us know if you want to meet up to talk about browser/ web security.

If you haven't updated Firefox in a while, do it now. We have fixed a high-severity security vulnerability that is apparently exploited in the wild. We shipped this within 25 hours after being reported to us. mozilla.org/en-US/security…

We're turning the big 2-0 this year! Help us celebrate by sharing your best Firefox fan art 🔥 tag us or use #FirefoxArt by 11/01 so we don't miss it. (you just might score some fun surprises too...)

What it takes to fix an 0day in 25 hours. (Spoiler: It's team work!). Read the blog post at blog.mozilla.org/security/2024/… by our very own Tom Ritter

We updated our Firefox Bug Bounty Hall of Fame for Q4 of 2024. 🏆👏 Thank you to the many folks who helped keep Firefox secure! mozilla.org/en-US/security…

Gareth Heyes \u2028 Masato Kinugawa Good find. This is now fixed Firefox Nightly 🔥. Sorry, no fun allowed.

bugzilla.mozilla.org/show_bug.cgi?i… This is a big change for DOM Clobberers. Firefox Nightly no longer allows native document properties to be overwritten by elements with a name attr, e.g.: <img src=a name=currentScript> <script> alert(document.currentScript)// HTMLScriptElement </script>

We just updated our bug bounty hall of fame to include the great security researchers from the last two quarters. Thank you for securing the best #Firefox yet :) mozilla.org/en-US/security…

Did you know that all of our good stuff is also available elsewhere? Follow us on Mastodon at infosec.exchange/@attackanddefe… or keep refreshing our site at attackanddefense.dev

We just published the Q2 2025 edition of the Firefox Security and Privacy newsletter. Highlights: * CHIPS * Webcompat improvements * Better HTTPS error pages * Firefox Relay integration ...and much more. attackanddefense.dev/2025/07/17/fir…