X41 was asked by Mozilla to review the Firefox Application Update Service (AUS). The results were published today.
The review was conducted by a team of four security experts in cooperation with cryptographer JP Aumasson.
The reviewed components include:
- the backend service Balrog,
- the Balrog Agent, a scheduler process,
- and Firefox Updater, the code in the Firefox browser that handles updates.
X41 spent a total of 27 days reviewing the code base to identify security issues in the code running on the client and server side. In total, 14 security-relevant issues were identified, along with 21 side findings.
Our complete results are available in the following report: Balrog Review.
About X41 D-Sec GmbH
X41 D-Sec GmbH is an expert provider of application security services. With extensive industry experience and expertise in the area of information security, a strong core security team of world-class security experts enables X41 to perform premium security services.
Fields of expertise in the area of application security are security-centric code reviews, binary reverse engineering and vulnerability discovery. Custom research and IT security consulting and support services are core competencies of X41.
If you have questions about advanced attacks, security audits, or other security research, please get in touch with us.