Web Authentication (WebAuthn), a recent web standard blending public-key cryptography into website logins, is our best technical response to credential phishing. That’s why we’ve championed it as a technology. The FIDO U2F API is the spiritual ancestor of WebAuthn; to-date, …
The post Backward-Compatibility FIDO U2F support shipping soon in Firefox appeared first on Mozilla Security Blog.
https://blog.mozilla.org/security/2019/04/04/shipping-fido-u2f-api-support-in-firefox/
Firefox 66, being released this week, supports using the Windows Hello feature for Web Authentication on Windows 10, enabling a passwordless experience on the web that is hassle-free and more secure. Firefox has supported Web Authentication for all desktop platforms …
The post Passwordless Web Authentication Support via Windows Hello appeared first on Mozilla Security Blog.
Mozilla maintains a database containing a set of “root” certificates that we use as “trust anchors”. This database, commonly referred to as a “root store”, allows us to determine which Certificate Authorities (CAs) can issue SSL/TLS certificates that are trusted …
The post Why Does Mozilla Maintain Our Own Root Certificate Store? appeared first on Mozilla Security Blog.
For years, web users have endured major privacy violations. Their browsing continues to be routinely and silently tracked across the web. Tracking techniques have advanced to the point where users cannot meaningfully control how their personal data is used. At …
The post Defining the tracking practices that will be blocked in Firefox appeared first on Mozilla Security Blog.
Mozilla’s Position on Data Breaches: Data breaches are common for online services. Humans make mistakes, and humans make the Internet. Some online services discover, mitigate, and disclose breaches quickly. Others go undetected for years. Recent breaches include “fresh” data, which …
The post When does Firefox alert for breached sites? appeared first on Mozilla Security Blog.
https://blog.mozilla.org/security/2018/11/14/when-does-firefox-alert-for-breached-sites/
As announced in August, Firefox is changing its approach to addressing tracking on the web. As part of that plan, we signaled our intent to prevent cross-site tracking for all Firefox users and made our initial prototype available for testing. …
The post Firefox 63 Lets Users Block Tracking Cookies appeared first on Mozilla Security Blog.
https://blog.mozilla.org/security/2018/10/23/firefox-63-lets-users-block-tracking-cookies/
TL;DR: Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension, which helps prevent attackers on your network from learning your browsing history. You can enable encrypted SNI today and it will automatically work with any site that …
The post Encrypted SNI Comes to Firefox Nightly appeared first on Mozilla Security Blog.
https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1. On the Internet, 20 years is an eternity. TLS 1.0 will be 20 years old in January 2019. In that time, TLS has protected billions …
The post Removing Old Versions of TLS appeared first on Mozilla Security Blog.
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
Due to a long list of documented issues, Mozilla previously announced our intent to distrust TLS certificates issued by the Symantec Certification Authority, which is now a part of DigiCert. On August 13th, the next phase of distrust was enabled …
The post Delaying Further Symantec TLS Certificate Distrust appeared first on Mozilla Security Blog.
https://blog.mozilla.org/security/2018/10/10/delaying-further-symantec-tls-certificate-distrust/
Providing a web browser that you can depend on year after year is one of the core tenets of the Firefox security strategy. We put a lot of time and energy into making sure that the software you run has …
The post Trusting the delivery of Firefox Updates appeared first on Mozilla Security Blog.
https://blog.mozilla.org/security/2018/10/09/trusting-the-delivery-of-firefox-updates/
The HTTP Referrer Value: Navigating from one webpage to another or requesting a sub-resource within a webpage causes a web browser to send the top-level URL in the HTTP referrer field. Inspecting that HTTP header field on the receiving end …
The post Supporting Referrer Policy for CSS in Firefox 64 appeared first on Mozilla Security Blog.
https://blog.mozilla.org/security/2018/10/02/supporting-referrer-policy-for-css-in-firefox-64/
Mozilla has sent a CA Communication to inform Certification Authorities (CAs) who have root certificates included in Mozilla’s program about current events relevant to their membership in our program and to remind them of upcoming deadlines. This CA Communication has …
The post September 2018 CA Communication appeared first on Mozilla Security Blog.
https://blog.mozilla.org/security/2018/09/17/september-2018-ca-communication/
At Mozilla, we’ve been working to ensure our repositories hosted on GitHub are protected from malicious modification. As the recent Gentoo incident demonstrated, such attacks are possible. Mozilla’s original usage of GitHub was an alternative way to provide access to …
The post Protecting Mozilla’s GitHub Repositories from Malicious Modification appeared first on Mozilla Security Blog.
Mozilla has recently announced a change in our approach to protecting users against tracking. This announcement came as a result of extensive research, both internally and externally, that shows that users are not in control of how their data is …
The post Why we need better tracking protection appeared first on Mozilla Security Blog.
https://blog.mozilla.org/security/2018/09/05/why-we-need-better-tracking-protection/
On Friday the IETF published TLS 1.3 as RFC 8446. It’s already shipping in Firefox and you can use it today. This version of TLS incorporates significant improvements in both security and speed. Transport Layer Security (TLS) is the protocol …
The post TLS 1.3 Published: in Firefox Today appeared first on Mozilla Security Blog.
https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/