Mozilla to strengthen SSL certificate verification in Firefox

Lucian Constantin | April 28, 2014

Mozilla plans to more strictly enforce industry best practices for SSL certificates in future versions of Firefox with a new certificate verification system.

Mozilla also created a special bug bounty program that will pay out US$10,000 for any critical security flaw found and reported in the new library's code until the end of June.

"As we've all been painfully reminded recently (Heartbleed, #gotofail) correct code in TLS libraries is crucial in today's Internet and we want to make sure this code is rock solid before it ships to millions of Firefox users," Mozilla's security lead Daniel Veditz said Thursday in a blog post.

"We are primarily interested in bugs that allow the construction of certificate chains that are accepted as valid when they should be rejected, and bugs in the new code that lead to exploitable memory corruption," Veditz said. "Compatibility issues that cause Firefox to be unable to verify otherwise valid certificates will generally not be considered a security bug, but a bug that caused Firefox to accept forged signed OCSP [Online Certificate Status Protocol] responses would be."
