Webpack received over $100k donations

Mozilla and Trivago showed their support for a popular open-source module bundler
04 August 2017   1895

Webpack, an open-source module bundler, which some experts call " the most flexible and powerful front-end bundling tool" received 2 big donations.

First donation ($120 000) came from the MOSS program to implement WebAssembly as a first-class module type. 

Mozilla Open Source Support (MOSS) is Mozilla’s program for supporting the Open Source and Free Software movement, with a yearly budget of around $3 million. Mozilla was born out of and remains a part of this movement, and we prosper because of its technology and activism. 

This is a huge win for not only WebAssembly, but also the webpack and web ecosystem. We thank the MOSS Program for their support, as we celebrate yet another win for Open Source Sustainability.

Sean Larkin
Program Manager, Webpack Core team & AngularCLI team. 

Second donation ($10 000 per month/ $120 000/year) came from Trivago, large international booking platform.

For the past few years, Webpack has played a central and important role at Trivago. We use it for handling SVG icons and to improve our startup time for the benefit of our users by loading resources on demand. We run a highly complicated build with plenty of custom plugins which perform all sorts of optimizations for us that no other tool would allow us to do. Trivago has decided to step up and ensure the sustainability of the Webpack project by contributing $10 000 per month to the Webpack Open Collective. By more than doubling Webpack’s annual budget, we hope to contribute to an even healthier community that will continue to innovate.

Patrick Gotthardt
Lead JavaScript Architect, Trivago

This donations is a great news not only for a Webpack team, but also for whole open-source community. Learn more about Webpack.

Critical Zero-Day Exploit to be Found at Firefox

Using this bug scammers could install programs, view, change or delete data, as well as create new accounts; users are recommended to update ASAP
19 June 2019   688

Coinbase Security and Google security researcher Samuel Gross discovered a vulnerability in Mozilla Firefox browser that could manipulate Javascript objects. It has already been used to attack users of cryptocurrency. This is reported on Medium.

The zero-day vulnerability received a CVE-2019-11707 identifier, and the bug was assigned a critical or highest threat level by the Firefox,

Critical Impact — Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

Firefox Vulnerabilities Types Description

In fact, the attackers could force users to visit malicious websites and thus be able to execute arbitrary code on the devices of their victims. The scammers who used the bug could install programs, view, change or delete data, as well as create new accounts.

Users are urged to upgrade as soon as possible to the new version of Firefox 67.0.3 and Firefox ESR 60.7.1, in which the vulnerability is fixed.