Individuals’ security and privacy on the internet are fundamental. Living up to that principle we are announcing the following changes to Mozilla’s Root Store Policy (MRSP) which will come into & Read more

The post Upgrading Mozilla’s Root Store Policy to Version 2.7.1 appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/04/26/mrsp-v-2-7-1/

We are pleased to announce that Firefox 88 is introducing a new protection against privacy leaks on the web. Under new limitations imposed by Firefox, trackers are no longer able & Read more

The post Firefox 88 combats window.name privacy abuses appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/04/19/firefox-88-combats-window-name-privacy-abuses/

Today, with the launch of Firefox 87, we are excited to introduce SmartBlock, a new intelligent tracker blocking mechanism for Firefox Private Browsing and Strict Mode. SmartBlock ensures that strong & Read more

The post Firefox 87 introduces SmartBlock for Private Browsing appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/

  We are pleased to announce that Firefox 87 will introduce a stricter, more privacy-preserving default Referrer Policy. From now on, by default, Firefox will trim path and query string & Read more

The post Firefox 87 trims HTTP Referrers by default to protect user privacy appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/

Today we are pleased to announce Total Cookie Protection, a major privacy advance in Firefox built into ETP Strict Mode. Total Cookie Protection confines cookies to the site where they & Read more

The post Firefox 86 Introduces Total Cookie Protection appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/

Trackers and adtech companies have long abused browser features to follow people around the web. Since 2018, we have been dedicated to reducing the number of ways our users can & Read more

The post Firefox 85 Cracks Down on Supercookies appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/01/26/supercookie-protections/

Background Two years ago, we announced experimental support for the privacy-protecting Encrypted Server Name Indication (ESNI) extension in Firefox Nightly. The Server Name Indication (SNI) TLS extension enables server and & Read more

The post Encrypted Client Hello: the future of ESNI in Firefox appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/

Firefox is the only major browser that still evaluates every website it connects to whether the certificate used has been reported as revoked. Firefox users are notified of all connections & Read more

The post Design of the CRLite Infrastructure appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/12/01/crlite-part-4-infrastructure-design/

Overview The Domain Name System (DNS) is often referred to as the “phonebook of the Internet.” It is responsible for translating human readable domain namessuch as mozilla.orginto IP addresses, which & Read more

The post Measuring Middlebox Interference with DNS Records appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/11/17/measuring-middlebox-interference-with-dns-records/

  Security on the web matters. Whenever you connect to a web page and enter a password, a credit card number, or other sensitive information, you want to be sure & Read more

The post Firefox 83 introduces HTTPS-Only Mode appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/

Throughout 2020, Firefox users have been seeing fewer secure connection errors while browsing the Web. We’ve been improving connection errors overall for some time, and a new feature called Intermediate & Read more

The post Preloading Intermediate CA Certificates into Firefox appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/11/13/preloading-intermediate-ca-certificates-into-firefox/

A little over a year ago we enabled Enhanced Tracking Protection (ETP) by default in Firefox. We did so because we recognize that tracking poses a threat to society, user & Read more

The post Firefox 79 includes protections against redirect tracking appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/08/04/firefox-79-includes-protections-against-redirect-tracking/

We intend to update Mozilla’s Root Store Policy to reduce the maximum lifetime of TLS certificates from 825 days to 398 days, with the aim of protecting our users HTTPS & Read more

The post Reducing TLS Certificate Lifespans to 398 Days appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/

Cryptographic primitives, while extremely complex and difficult to implement, audit, and validate, are critical for security on the web. To ensure that NSS (Network Security Services, the cryptography library behind & Read more

The post Performance Improvements via Formally-Verified Cryptography in Firefox appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/07/06/performance-improvements-via-formally-verified-cryptography-in-firefox/

Mozilla has sent a CA Communication and Survey to inform Certification Authorities (CAs) who have root certificates included in Mozilla’s program about current expectations. Additionally this survey will collect input & Read more

The post May 2020 CA Communication appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/05/08/may-2020-ca-communication/

Firefox has one of the oldest security bug bounties on the internet, dating back to 2004. From 2017-2019, we paid out $965,750 to researchers across 348 bugs, making the average payout $2,775  but as you can see in the & Continue reading

The post Firefoxs Bug Bounty in 2019 and into the Future appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/04/23/bug-bounty-2019-and-future/

Starting in version 75, Firefox can be configured to use client certificates provided by the operating system on Windows and macOS. Background When Firefox negotiates a secure connection with a website, the web server sends a certificate to the browser & Continue reading

The post Expanding Client Certificates in Firefox 75 appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/04/14/expanding-client-certificates-in-firefox-75/

Prior to being able to display a web page within a browser the rendering engine checks and verifies the MIME type of the document being loaded. In case of an html page, for example, the rendering engine expects a MIME & Continue reading

The post Firefox 75 will respect nosniff for Page Loads appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/04/07/firefox-75-will-respect-nosniff-for-page-loads/

The Multi-Account Containers Add-on will now sync your container configuration and site assignments. Firefox Multi-Account Containers allows users to separate their online identities into different tab types called Containers. Each Container has its own separate storage and cookies.  This way, & Continue reading

The post Multi-Account Containers Add-on Sync Feature appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/02/06/multi-account-containers-sync/

CRLite pushes bulk certificate revocation information to Firefox users, reducing the need to actively query such information one by one. Additionally this new technology eliminates the privacy leak that individual queries can bring, and does so for the whole Web, & Continue reading

The post CRLite: Speeding Up Secure Browsing appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/01/21/crlite-part-3-speeding-up-secure-browsing/