All the worlds computers, any other device that contains a computer chip, the internet itself, all run on computer code. Twitter and popular browser mozilla firefox have locked up horns over users chat data like direct messages dms being inadvertently. Optionally, if the original and negotiated version share a compatible initial. Mozilla publishes detailed analysis of the expansion. Creative commons attribution sharealike license v3. We already knew that the root cause of the addons problem was related to an issue with a security certificate, and mozilla cto eric rescorla provides a detailed explanation of. Over on the mozilla blog, eric rescorla, the cto of firefox, shares insights on what you need to know about twitter on firefox. Twitter alleged that it has recently learned that the way mozilla firefox stores cached data may have resulted in nonpublic information being inadvertently stored in the browsers cache. Quic does not provide a complete version negotiation mechanism but instead only provides a way for the server to indicate that the version the client offered is unacceptable. Its already shipping in firefox and you can use it today. Mozilla blames interlocking complex systems and confusion. This new role is a complement to the organizations existing distinguished engineers award and is distinct from mozilla s other existing fellowship programs. This new role is a complement to the organizations existing distinguished engineers award and is distinct from mozillas other existing fellowship programs. Mozilla firefox hits back, says twitter singled out its.
Contentdisposition is a feature that allows sites to identify content for download and to suggest a name for the file to save that content to. In an april 3 blog posting to clarify the issue, eric rescorla, the cto of firefox, said. Bob clary, carsten book, christian holler, nicolas pierron, eric rescorla, tyson smith, gabor krizsanits, and randell jesup reported memory safety problems and crashes that affect firefox 43. Download our free update detector to keep your software up. In comparison, firefox legitimately treats contentdisposition as unrelated and so does not disable heuristic caching when it is present. Jan 26, 2016 mozilla developer eric rescorla reported that a failed allocation during dhe and ecdhe handshakes would lead to a useafterfree vulnerability. Mozilla knows the ticket expiration really was a school boy error, but it is trying its best to repair the damage. Twitter, mozilla firefox in tug of war over users cached data. Apr 03, 2020 san francisco, april 4 ians twitter and popular browser mozilla firefox have locked up horns over users chat data like direct messages dms being inadvertently stored in the browsers cache.
Articles by eric rescorla addons outage postmortem result weve been conducting an ongoing postmortem on the addons outage that occurred earlier this year. Twitter and popular browser mozilla firefox have locked up horns over users chat data like direct messages dms being inadvertently stored in the browsers cache on desktops. Get firefox for windows, macos, linux, android and ios today. Firefox chief technology officer eric rescorla has written a detailed blog post explaining exactly how the browsers addons came to break all at once last week, how it was fixed, and how the. Support for the stanford colloquium on computer systems seminar. The latest news and developments on firefox and mozilla, a global nonprofit that strives to promote openness, innovation and opportunity on the web. Technical details on the recent firefox addon outage mozilla.
Wondering why all of your firefox addons broke last week. It took firefox roughly 12 hours to rectify the situation. A prototype of this report was published in january 2017 and was followed by an open, public discussion about metrics, several meetings with allies, and the establishment of a smaller report coalition to support content creation. Except where otherwise noted, content on this site is licensed under the creative commons attribution sharealike license v3. This document describes a version negotiation mechanism that allows a client and server to select a mutually supported version. Eric was instrumental in the development of webrtc, which brought voice and video to the browser and worked with cisco to start openh264, which allows open source projects to use the worlds most popular video codec for free.
Twitter and popular browser mozilla firefox have locked up horns over users chat data like direct messages dms being inadvertently stored in the browsers cache on. Mar 24, 2020 its the most popular security protocol on the internet, securing essentially every ecommerce transaction, eric rescorla, chief technology officer at us technology company mozilla, told horizon over email. The technical details are complicated but the high level is. Eric rescorla, tyson smith, gabor krizsanits, and randell jesup reported memory safety problems and crashes that. Mozilla explains why all firefox addons broke at once. Mozilla s vp of product marketing, lindsey is a core member of the marketing senior leadership team and a key company executive with responsibility for overseeing new product launches, nurturing existing products, ideating on key campaigns and gotomarket strategies, and evangelizing new innovations in internet technologies to drive mozilla. Simplified, one could say that mozilla overslept the expiration of the certificate. The problem was initially caught by firefox ghief technology officer eric rescorla at around 6 p. Mozilla apologizes for recent addon disabling issue and. In order to ensure that we are safeguarding our users privacy, mozilla has built a set of transparent data practices which determine what we can collect and under what conditions. We have published two blog posts that you may want to read if you would like to learn more about what caused this incident and how mozilla responded. May 10, 2019 firefox chief technology officer eric rescorla has written a detailed blog post explaining exactly how the browsers addons came to break all at once last week, how it was fixed, and how the. This year, were proud to announce that our very own firefox cto, eric rescorla, was awarded one of these prizes for his involvement in spearheading the latest version of transport layer security tls.
Over on the mozilla blog, eric rescorla, the cto of firefox. May 10, 2019 mozilla cto eric rescorla published a technical analysis of the issue on the mozilla hacks blog. The root certificate is used to sign a new intermediate certificate, and the intermediate certificate is used to sign endentity certificates which in turn sign individual addons. Eric rescorla, author at mozilla hacks the web developer blog. Announcing mozilla fellow, eric rescorla mozilla press. Eric rescorla is chief technology officer, firefox at mozilla, where he is responsible for setting the overall technical strategy for the firefox browser. If you do nothing, the data will be automatically deleted after 7 days the next time you run firefox, rescorla said. Technical details on the recent firefox addon outage by firefox cto eric rescorla. In the two decades leading up to 2018, there were five overhauls of tls to keep pace with the sophistication of online attacks. This idea has gotten a lot of attention in the tech press. Mls provides a security layer for group messaging applications, where the number of clients ranges from two to many. Firefox is created by a global nonprofit dedicated to putting individuals in control online. Apr 04, 2020 the mozilla firefox browsers cache retention period is set to 7 days and after that time the information should have automatically been removed from the cache, said twitter, adding that the issue.
Addons outage postmortem result mozilla hacks the web. This version of tls incorporates significant improvements in both security and speed. Eric rescorla is an internet security consultant and author of several commercial ssl implementations, including the freely available java puretls toolkit. Please join me in welcoming eric to the executive team at mozilla. May 14, 2019 we have published two blog posts that you may want to read if you would like to learn more about what caused this incident and how mozilla responded. Testing privacypreserving telemetry with prio mozilla. Mozillians profile download photos link to this bio. Cto eric rescorla details exactly what happened, and why it took so long in a blog. The story behind that little padlock in your browser. Feb 25, 2020 developed by a team of researchers from the university of texas at austin, the university of california san diego, stanford university and mozilla, the approach shifts some of the browser code into secure sandboxes that prevent malicious code from taking over the users computer.
New sandboxing approach in web browser increases security. A slipup by mozilla stopped firefox addons from working last weekend, and the company issued a fix followed by an update to the browser to get things back to normal. Mozilla will publish a more thorough evaluation of the incident this week, rescorla. Eric rescorla, firefoxs chief technology officer, did. Mls is not intended as a full instant messaging protocol but rather is intended to be embedded in a concrete protocol such as xmpp rfc3920. What we do when things go wrong by joe hildebrand, vp of engineering, firefox. In the internet industry, eric rescorla has 4,310 colleagues in 448 companies located in 37 countries. As i mentioned in my previous post, weve been conducting a postmortem on the addons outage. Issues with web page layout probably go here, while firefox user interface issues belong in the firefox product.
Since joining mozilla in 20, eric has been focused on advanced technologies and mozillas technical strategy. I am pleased to announce that eric rescorla has been appointed mozilla fellow, a vicepresident level role created to recognize top technical leadership at mozilla. The levchin prize awards two entrepreneurs every year for significant contributions to solving global, realworld cryptography issues that make the internet safer at scale. Mozilla developer eric rescorla reported that a failed allocation during dhe and ecdhe handshakes would lead to a useafterfree vulnerability. First, we should have a much better way of tracking the status of everything in firefox that is a potential time bomb and making sure that we dont find ourselves in a situation where one goes off unexpectedly. Previously i wrote about the use of mobile apps for covid contact tracing. The latest news and developments on firefox and mozilla, a global nonprofit that strives to promote openness, innovation and opportunity.
Youre not the only one, and firefoxs chief technology officer, eric rescorla. Announcing mozilla fellow, eric rescorla the mozilla blog. Mozilla explains why all firefox addons broke at once engadget. For sustained contributions to the standardization of security protocols, most recently in the development and standardization of tls 1. Eric rescorla has written a detailed summary of how the firefox addon fiasco happened, how it was addressed, and how a repeat might be avoided. Messaging layer security mls specifies an architecture this document and an abstract protocol for providing endtoend security in this setting. May 10, 2019 mozilla knows the ticket expiration really was a school boy error, but it is trying its best to repair the damage. Our cto, eric rescorla, shares more about what happened technically in this post. San francisco, april 4 ians twitter and popular browser mozilla firefox have locked up horns over users chat data like direct messages dms being inadvertently stored in the browsers cache on. May 10, 2019 the problem was initially caught by firefox ghief technology officer eric rescorla at around 6 p. We would like to extend our thanks to the people who worked hard to address this issue, including the hundred or so community members and employees localizing content and answering questions on mozilla support, twitter, and reddit. Eric rescorla april 3, 2020 yesterday twitter announced that for firefox users data such as direct messages dms might be left sitting on their computers even if they logged out.
Twitter direct message caching and firefox mozilla hacks. Eric rescorla, author at mozilla hacks the web developer. This year, were proud to announce that our very own firefox cto, eric rescorla, was awarded one of these prizes for his involvement in. Oct 29, 2018 in order to ensure that we are safeguarding our users privacy, mozilla has built a set of transparent data practices which determine what we can collect and under what conditions. The mozilla firefox browsers cache retention period is set to 7 days and after that time the information should have automatically been removed from the cache, said twitter, adding that the issue. Twitter, mozilla firefox in tug of war over users cached. He also partners with the engineering and product organizations to set the shortterm technical direction. Eric rescorla, cto of mozilla, is now presenting, several weeks later than originally intended, the results of the promised detailed analysis of the incident in a new post. This document describes the reference architecture, functional and security requirements for the messaging layer security mls protocol.
Twitter said while cache data is only stored locally on firefox browser users devices, they have implemented a change so that mozilla firefox no longer stores twitter data in the cache at all. Gecko, html, css, layout, dom, scripts, images, networking, etc. Firefoxs chief technology officer eric rescorla in a blog said that twitter had singled. In this role he leads the longterm technical strategy for firefox. Its the most popular security protocol on the internet, securing essentially every ecommerce transaction, eric rescorla, chief technology officer at us technology company mozilla, told horizon over email.
Firefox dohtrr status eric rescorla cto, firefox february. Mozilla response to recent firefox broken addons error. Its hard to overstate the degree to which our world is dependent on software systems, says eric rescorla, a fellow at mozilla, the nonprofit organization that developed the firefox web browser. Since joining mozilla in 20, eric has been focused on advanced technologies and mozilla s technical strategy.
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in firefox and other mozilla based products. He provides insights into firefoxs addon signing functionality. Mozilla firefox hits back, says twitter singled out its web browser. Twitter, mozilla firefox in tug of war over users cached data san francisco, april 4 ians twitter and popular browser mozilla firefox have locked up horns over users chat data like direct. Developed by a team of researchers from the university of texas at austin, the university of california san diego, stanford university and mozilla, the approach shifts some of the browser code into secure sandboxes that prevent. Twitter has alleged that mozilla firefox stores user data as cached files. Twitter alleged that it has recently learned that the way mozilla firefox stores cached data may have resulted in nonpublic information being inadvertently stored in the. Download our free update detector to keep your software up to date.
Cto eric rescorla details exactly what happened, and why it. Shared components used by firefox and other mozilla software, including handling of web content. Mozilla blames interlocking complex systems and confusion for firefoxs may addon outage the firefox browser maker said its figured out what caused problems with its browser addons and. May 10, 2019 our cto, eric rescorla, shares more about what happened technically in this post. Firefox chief technology officer eric rescorla said in a statement late friday. The technical details are complicated but the high level is pretty simple. Mozilla firefox hits back, says twitter singled out its web.
306 205 1450 381 1221 1278 1320 1475 1368 1199 1348 757 171 59 325 584 770 1266 1091 375 175 579 1409 469 991 693 104 1068 1230 179 1140 521 371 913 931 708 972 471 982 209 569 473 449 161 406 312 1076 335 170 1293 781