Identity at Mozilla

Home of the Mozilla Identity team

1. Security fix in Persona Verifier and new mailing list for important notices

   Jul 10, 2012 — by fmarier

   Last Monday, we identified a security hole in the implementation of our Verifier. We deployed a fix in 6 hours. The full details of the issue are available on the wiki. If you’re running a site against our Verifier, you are safe.

   We did our best to identify whether this issue affects other verifiers. To the best of our knowledge, there are no other implementations affected. If you happen to be running a custom verifier, please contact us so we can help you check.

   Sign up for important Persona service announcements

   We would also like to take this opportunity to introduce a new communications channel, persona-notices, for those who use Persona in production but don’t have time to read our developers list or this blog.

   We will only post to the new list regarding topics that may require action by those who rely on Persona, such as:

   • security issues in popular Persona libraries and plug-ins
   • advance warnings about deprecations and incompatible changes to the API
   • changes to the URLs and/or IP addresses of the Persona services

   In an effort to keep traffic to a minimum, fully backwards-compatible changes, like the introduction of new features, will not be covered on persona-notices.

   We encourage all relying parties (RPs), identity providers (IDPs) and developers to join this list now.

   If you have any other suggestions on how to improve our communication with those who rely on Persona, please let us know.

Archive