Browser security

An important aspect of developing code for any browser, including Firefox, as well as any Web-oriented project, is its security. These articles provide important guides and references to ensuring the code you write is secure, including both design recommendations and testing guidelines.

A Web PKI x509 certificate primer
X.509 (in this document referred as x509) is an ITU standard to describe certificates. This article provides an overview of what these are and how they work.
Exploitable crashes
This article will help you determine if a crash is exploitable, find crashes which are exploitable, and to fix exploitable crashes.
Handling Mozilla Security Bugs
This document describes how the new security organizational structure will work, and how security-related Mozilla bug reports will be handled.
Pinning violation reports
If a site makes use of key pinning, and your browser sees a certificate chain for that site which does not match the pin, Firefox will reject the connection and display an error page.
Secure Development Guidelines
The following content will likely see significant revision, though can be used as a reference for security best practices to follow when developing code for Mozilla.
Security and the jar protocol
This article discusses security concerns with the jar: protocol, which only Firefox has ever implemented for Web content.