Browser security 编辑

An important aspect of developing code for any browser, including Firefox, as well as any Web-oriented project, is its security. These articles provide important guides and references to ensuring the code you write is secure, including both design recommendations and testing guidelines.

A Web PKI x509 certificate primer

X.509 (in this document referred as x509) is an ITU standard to describe certificates. This article provides an overview of what these are and how they work.

Exploitable crashes

This article will help you determine if a crash is exploitable, find crashes which are exploitable, and to fix exploitable crashes.

Handling Mozilla Security Bugs

This document describes how the new security organizational structure will work, and how security-related Mozilla bug reports will be handled.

Pinning violation reports

If a site makes use of key pinning, and your browser sees a certificate chain for that site which does not match the pin, Firefox will reject the connection and display an error page.

Secure Development Guidelines

The following content will likely see significant revision, though can be used as a reference for security best practices to follow when developing code for Mozilla.

Security and the jar protocol

This article discusses security concerns with the jar: protocol, which only Firefox has ever implemented for Web content.