You are currently viewing a snapshot of taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to, please file a bug.

Security Projects

Mozilla includes several projects related to security:

  • Open Source PKI Projects. Main home page for all open source public-key infrastructure (PKI) projects, including:
    • Network Security Services (NSS). Project for supporting cross-platform development of security-enabled server applications. Applications built with NSS can support PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, TLS, SSL v2 and v3, X.509 v3 certificates, and other security standards.
    • Network Security Services for Java (JSS). A Java interface to NSS that supports most of the security standards and encryption technologies supported by NSS. JSS also provides a pure Java interface for ASN.1 types and BER/DER encoding.
    • Personal Security Manager (PSM). Project for supporting cross-platform development of security-enabled client applications. PSM includes libraries (built on top of NSS) and a daemon that performs cryptographic operations on behalf of a client application -- operations such as setting up an SSL connection, object signing and signature verification, certificate management, and other common PKI functions.
    • PKCS #11 Conformance Testing. Test suites designed to test PKCS #11 implementations.
  • X.509 v3 Certificate Store. NSS ships by default with a set of root certificates. This page details how this store is managed.
  • Component Security For Mozilla. Project for adding Java and JavaScript security to Mozilla components, mainly in terms of mobile code and the browser interfaces available to programs from those languages.
  • Policy for Handling Security Bugs. Guidelines on how to report security vulnerabilities and how the Mozilla community will deal with them.
  • Top Level Domains for which we permit Internationalized Domain Names, with links to the relevant registry policies.