In accordance with the Mozilla Manifesto, which emphasizes the open development of policy that protects users’ privacy and security, we have worked with the Mozilla community over the past several & Read more

The post Upgrading Mozilla’s Root Store Policy to Version 2.8 appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2022/05/23/upgrading-mrsp-to-v-2-8/

In our continued efforts to improve the security of the web PKI, we are taking a multi-pronged approach to tackling some long-existing problems with revocation of TLS server certificates. In & Read more

The post Revocation Reason Codes for TLS Server Certificates appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2022/05/16/revocation-reason-codes-for-tls-server-certificates/

  For decades users have been pressing Ctrl+C or relying on copy buttons. All these tricks and shortcuts to speed up text processing have become natural and intuitive to us. & Read more

The post Preventing secrets from leaking through Clipboard appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/12/15/preventing-secrets-from-leaking-through-clipboard/

In keeping with our commitment to the security and privacy of individuals on the internet, Mozilla is increasing our oversight and adding automation to our compliance-checking of publicly trusted intermediate & Read more

The post Improving the Quality of Publicly Trusted Intermediate CA Certificates with Enhanced Oversight and Automation appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/12/09/improved-quality-of-intermediate-certificates-with-enhanced-oversight-and-automation/

Add-ons are a powerful way to extend and customize Firefox. At Mozilla, we are committed not only to supporting WebExtensions APIs, but also ensuring the safety and reliability of the & Read more

The post Securing the proxy API for Firefox add-ons appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/

We are happy to announce that the Firefox 93 release brings two exciting privacy improvements for users of Strict Tracking Protection and Private Browsing. With a more comprehensive SmartBlock 3.0, & Read more

The post Firefox 93 features an improved SmartBlock and new Referrer Tracking Protections appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/10/05/firefox-93-features-an-improved-smartblock-and-new-referrer-tracking-protections/

  Downloading files on your device still exposes a major security risk and can ultimately lead to an entire system compromise by an attacker. Especially because the security risks are & Read more

The post Firefox 93 protects against Insecure Downloads appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/10/05/firefox-93-protects-against-insecure-downloads/

As part of our continuing work to ensure that Firefox provides secure and private network connections, it periodically becomes necessary to disable configurations or even entire protocols that were once & Read more

The post Securing Connections: Disabling 3DES in Firefox 93 appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/10/05/securing-connections-disabling-3des-in-firefox-93/

To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Mozilla VPN that Cure53 conducted earlier this & Read more

The post Mozilla VPN Security Audit appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/08/31/mozilla-vpn-security-audit/

We are pleased to announce a new, major privacy enhancement to Firefox’s cookie handling that lets you fully erase your browser history for any website. Today’s new version of Firefox & Read more

The post Firefox 91 Introduces Enhanced Cookie Clearing appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/

  We are excited to announce that, starting in Firefox 91, Private Browsing Windows will favor secure connections to the web by default. For every website you visit, Firefox will & Read more

The post Firefox 91 introduces HTTPS by Default in Private Browsing appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/

  Starting with version 90, Firefox will automatically find and offer to use client authentication certificates provided by the operating system on macOS and Windows. This security and usability improvement & Read more

The post Making Client Certificates Available By Default in Firefox 90 appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/07/28/making-client-certificates-available-by-default-in-firefox-90/

  The File Transfer Protocol (FTP) has long been a convenient file exchange mechanism between computers on a network. While this standard protocol has been supported in all major browsers & Read more

The post Stopping FTP support in Firefox 90 appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/07/20/stopping-ftp-support-in-firefox-90/

Today, with the launch of Firefox 90, we are excited to announce a new version of SmartBlock, our advanced tracker blocking mechanism built into Firefox Private Browsing and Strict Mode. & Read more

The post Firefox 90 introduces SmartBlock 2.0 for Private Browsing appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/07/13/smartblock-v2/

  We are pleased to announce that Firefox 90 will support Fetch Metadata Request Headers which allows web applications to protect themselves and their users against various cross-origin threats like & Read more

The post Firefox 90 supports Fetch Metadata Request Headers appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/07/12/firefox-90-supports-fetch-metadata-request-headers/

Mozilla offers GPG signing to let you verify the integrity of our Firefox builds. GPG signatures for Linux based builds are particularly important, because it allows Linux distributions and other & Read more

The post Updating GPG key for signing Firefox Releases appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/06/02/updating-gpg-key-for-signing-firefox-releases/

At Mozilla, we believe that your right to privacy is fundamental. Unfortunately, for too long cookies have been used by tracking companies to gather data about you as you browse & Read more

The post Firefox 89 blocks cross-site cookie tracking by default in private browsing appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/06/01/total-cookie-protection-in-private-browsing/

Your personal data is yours  and it should remain yours! Unfortunately data breaches that reveal your personal information on the internet are omnipresent these days. In fact, fraudulent use & Read more

The post Updates to Firefoxs Breach Alert Policy appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/05/25/updates-to-firefoxs-breach-alert-policy/

When two major vulnerabilities known as Meltdown and Spectre were disclosed by security researchers in early 2018, Firefox promptly added security mitigations to keep you safe. Going forward, however, it & Read more

The post Introducing Site Isolation in Firefox appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/

We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla’s root store is curated for. We provide a root store & Read more

The post Beware of Applications Misusing Root Stores appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/05/10/beware-of-applications-misusing-root-stores/

Individuals’ security and privacy on the internet are fundamental. Living up to that principle we are announcing the following changes to Mozilla’s Root Store Policy (MRSP) which will come into & Read more

The post Upgrading Mozilla’s Root Store Policy to Version 2.7.1 appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/04/26/mrsp-v-2-7-1/

We are pleased to announce that Firefox 88 is introducing a new protection against privacy leaks on the web. Under new limitations imposed by Firefox, trackers are no longer able & Read more

The post Firefox 88 combats window.name privacy abuses appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/04/19/firefox-88-combats-window-name-privacy-abuses/

Today, with the launch of Firefox 87, we are excited to introduce SmartBlock, a new intelligent tracker blocking mechanism for Firefox Private Browsing and Strict Mode. SmartBlock ensures that strong & Read more

The post Firefox 87 introduces SmartBlock for Private Browsing appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/

  We are pleased to announce that Firefox 87 will introduce a stricter, more privacy-preserving default Referrer Policy. From now on, by default, Firefox will trim path and query string & Read more

The post Firefox 87 trims HTTP Referrers by default to protect user privacy appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/

Today we are pleased to announce Total Cookie Protection, a major privacy advance in Firefox built into ETP Strict Mode. Total Cookie Protection confines cookies to the site where they & Read more

The post Firefox 86 Introduces Total Cookie Protection appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/

Trackers and adtech companies have long abused browser features to follow people around the web. Since 2018, we have been dedicated to reducing the number of ways our users can & Read more

The post Firefox 85 Cracks Down on Supercookies appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/01/26/supercookie-protections/

Background Two years ago, we announced experimental support for the privacy-protecting Encrypted Server Name Indication (ESNI) extension in Firefox Nightly. The Server Name Indication (SNI) TLS extension enables server and & Read more

The post Encrypted Client Hello: the future of ESNI in Firefox appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/

Firefox is the only major browser that still evaluates every website it connects to whether the certificate used has been reported as revoked. Firefox users are notified of all connections & Read more

The post Design of the CRLite Infrastructure appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/12/01/crlite-part-4-infrastructure-design/

Overview The Domain Name System (DNS) is often referred to as the “phonebook of the Internet.” It is responsible for translating human readable domain namessuch as mozilla.orginto IP addresses, which & Read more

The post Measuring Middlebox Interference with DNS Records appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/11/17/measuring-middlebox-interference-with-dns-records/

  Security on the web matters. Whenever you connect to a web page and enter a password, a credit card number, or other sensitive information, you want to be sure & Read more

The post Firefox 83 introduces HTTPS-Only Mode appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/