Language Selection

English French German Italian Portuguese Spanish

Security: Trusting the delivery of Firefox Updates, Reproducible Builds Weekly Report and Security updates for Tuesday

Filed under
Security
  • Trusting the delivery of Firefox Updates

    Providing a web browser that you can depend on year after year is one of the core tenet of the Firefox security strategy. We put a lot of time and energy into making sure that the software you run has not been tampered with while being delivered to you.

    In an effort to increase trust in Firefox, we regularly partner with external firms to verify the security of our products. Earlier this year, we hired X41 D-SEC Gmbh to audit the mechanism by which Firefox ships updates, known internally as AUS for Application Update Service. Today, we are releasing their report.

    Four researchers spent a total of 27 days running a technical security review of both the backend service that manages updates (Balrog) and the client code that updates your browser. The scope of the audit included a cryptographic review of the update signing protocol, fuzzing of the client code, pentesting of the backend and manual code review of all components.

  • Reproducible Builds: Weekly report #180
  • Security updates for Tuesday

More in Tux Machines

Vulkan/DXVK and More GNU/Linux Games (Native)

Software and HowTos: Organizer, Handbrake, Logical & in Bash and Python

Android Leftovers

A Linux Noob Reviews: The openSUSE Leap 15.0 Installer

Welcome to a regular series here at Forbes that zeroes in on your very first experience with a desktop Linux operating system: the installer. This time around I'm escaping my comfort zone and leaving Ubuntu-based distributions behind with openSUSE Leap 15.0. Read more