What does Firefox do to secure my web browsing?

Firefox is fast, flexible and SECURE
We all know that our browsers have "security features" to protect our web browsing, but what exactly are those features?
Below I discuss the methods Firefox applies to make it a secure browser.

Secure Connection Detection

When loading a web page, the connection the browser establishes with the web server may or may not be encrypted. A URL that uses the 'https' protocol is encrypted. But having HTTPS does not necessarily mean that the connection is reliably secure: a website should also be able to identify itself.
Firefox shows one of four icons to the left of the web address:

Grey Globe

The grey globe indicates that the page was served over HTTP, i.e. the connection is unencrypted.

Warning Triangle

The connection is only partially secure: the page was served over HTTPS but contains unencrypted content that was served over HTTP.

Grey Padlock

The connection is secure and the website's address was verified.

Green Padlock

The connection is secure and the website's address has been verified using an Extended Validation (EV) certificate.

An EV certificate requires extensive verification of the requesting entity's identity by the certificate authority (CA) before a certificate is issued.

Built-in Phishing and Malware Protection

Powered by Google Safe Browsing, Phishing and Malware Protection works by checking the sites that you visit against lists of reported phishing and malware sites. These lists are automatically downloaded and updated every 30 minutes or so when the Phishing and Malware Protection features are enabled.



Plugin Blocklist

Add-ons that cause stability or security issues are put on a blocklist.
  • Disables unsafe add-ons
  • Blocks unsafe add-ons from being installed
  • Prevents plugins from running automatically


Here is a list of blocked addons

Sandboxed Plugins

Available on Windows and Mac OS X with Adobe Flash Player 11.3+.
A sandbox is a restricted environment in which certain functions are prohibited. For example, deleting files and modifying system information such as Registry settings and other control panel functions may be prohibited. Sandboxes are used when executable code has come from an external source that is not entirely trusted.
Sandboxing protects the user from malware attacks related to the Flash plugin.

Mixed content blocking

When you visit an HTTPS-encrypted page, some of its content may still be served over HTTP, which is unencrypted. In such cases, Firefox will block all the unencrypted content automatically.
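If you run a site, you can find this kind of content before the browser blocks it. The following is an added example, not Firefox's own code: it scans a page's HTML for subresources that would be fetched over plain HTTP. The function name, the tag list and the sample page are assumptions made for the illustration.

```javascript
// Added example (not Firefox code): list the subresources an HTTPS page
// would fetch over plain HTTP. Regex scan, not a full HTML parser.
// <a href> is navigation, not a subresource, so it is not listed here.
// <link> is checked whatever its rel value, which can over-report.
const LOADERS = new Map([
  ['script', 'src'], ['img', 'src'], ['iframe', 'src'], ['audio', 'src'],
  ['video', 'src'], ['source', 'src'], ['embed', 'src'],
  ['object', 'data'], ['link', 'href'],
]);

function findMixedContent(pageUrl, html) {
  const page = new URL(pageUrl);
  if (page.protocol !== 'https:') return []; // only HTTPS pages can be "mixed"
  const findings = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  for (const [, name, attrs] of html.matchAll(tagRe)) {
    const tag = name.toLowerCase();
    const attr = LOADERS.get(tag);
    if (!attr) continue;
    // Accept double-quoted, single-quoted and unquoted attribute values.
    const valueRe = new RegExp(
      `(?:^|\\s)${attr}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s"'>]+))`, 'i');
    const m = valueRe.exec(attrs);
    if (!m) continue;
    let resolved;
    try {
      // Relative and protocol-relative URLs inherit the page's https: scheme.
      resolved = new URL(m[1] ?? m[2] ?? m[3], page);
    } catch {
      continue; // unparsable attribute value
    }
    if (resolved.protocol === 'http:') findings.push({ tag, url: resolved.href });
  }
  return findings;
}

// Constructed sample page for illustration.
const SAMPLE_HTML = `
<html><head>
  <script src="http://cdn.example.net/lib.js"></script>
  <link rel="stylesheet" href="/css/site.css">
  <script src="//static.example.org/app.js"></script>
</head><body>
  <img src='http://images.example.net/logo.png'>
  <img src="https://images.example.net/ok.png">
  <a href="http://example.net/">plain link</a>
</body></html>`;
```

Calling findMixedContent('https://shop.example.org/cart', SAMPLE_HTML) reports the first script and the first image; the relative, protocol-relative and HTTPS URLs are fine, and the plain link is not a subresource.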

Content Security Policy

Content Security Policy (CSP) allows a site owner to explicitly specify the sources from which content is allowed to be loaded. This prevents Cross Site Scripting (XSS) and data injection attacks.
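To make the idea concrete, here is an added example (not Firefox's implementation) that checks a script URL against a Content-Security-Policy header value. It covers only a subset of CSP source expressions ('none', 'self', *, scheme sources and host sources); the function names, the policy and the URLs are assumptions made for the illustration.

```javascript
// Added example (not Firefox code): evaluate a script URL against a CSP header.
// Subset only: 'none', 'self', *, scheme sources and host sources
// (optional scheme, leading "*." wildcard, optional port). No paths, nonces, hashes.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // A directive that appears twice is ignored the second time.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

function matchesSource(src, script, page) {
  if (src === "'self'") return script.origin === page.origin;
  if (src === '*') return ['http:', 'https:'].includes(script.protocol);
  if (src.startsWith("'")) return false; // 'none' and unmodelled keywords match no URL
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return script.protocol === src; // e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/.exec(src);
  if (!m) return false;
  const [, scheme, host, port] = m;
  // Without a scheme, the source inherits the page's scheme (HTTPS is also accepted).
  const schemeOk = scheme ? script.protocol === `${scheme}:`
    : script.protocol === page.protocol || script.protocol === 'https:';
  const hostOk = host.startsWith('*.')
    ? script.hostname.endsWith(host.slice(1)) // *.a.example matches x.a.example, not a.example
    : script.hostname === host;
  const dflt = script.protocol === 'https:' ? '443' : '80';
  const portOk = port === '*' || (script.port || dflt) === (port ?? dflt);
  return schemeOk && hostOk && portOk;
}

function scriptAllowed(header, pageUrl, scriptUrl) {
  const policy = parseCsp(header);
  // script-src governs scripts; default-src is the fallback when it is absent.
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // nothing restricts scripts
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl, page);
  return sources.some((src) => matchesSource(src, script, page));
}

// Constructed policy and page URL for illustration.
const POLICY = "default-src 'self'; script-src 'self' https://cdn.example.net *.trusted.example";
const PAGE = 'https://app.example.org/index.html';
```

With this policy, a script tag injected into the page that points at a host outside the list is refused, which is how CSP limits the damage of an injection flaw.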

Same Origin Policy

It specifies that documents retrieved from distinct origins are isolated from each other. The policy prevents a script on one website from accessing a page from another domain. This helps in preventing Cross Site Scripting (XSS) attacks.

Smart 3rd Party Cookie Blocking

A cookie is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. But when you visit a website, various 3rd party cookies are also set. These generally come from web trackers and advertising companies, which use them to track a user across all pages where the tracker is present. That's why you see advertisements targeted specifically at you.
But not all 3rd party cookies are bad. For example, when you visit a website with a Facebook like button, Facebook needs to set a cookie to authenticate your login. By default, Firefox only allows 3rd party cookies to be set if you have visited the website they come from, i.e. a Facebook cookie will only be set if you have visited facebook.com. Since you rarely visit advertising companies' websites, those cookies will be blocked.

3-state Do Not Track

Disabled by default. When you turn on the Do-not-track feature, Firefox tells every website you visit (as well as their advertisers and other content providers) that you don't want your browsing behavior tracked. Honoring this setting is voluntary.

Firefox allows you to set one of three states:
  • “user says nothing”
  • “user says track”
  • “user says don’t track”.

Outdated Plugin check

Plugins are built outside of Firefox by companies like Adobe Systems and Apple. Plugins don't always update automatically. Old plugins increase your risk for attack by malware, viruses, and other security threats. You can go to https://www.mozilla.org/en-US/plugincheck/ to check if your plugins are up to date.



Out of process Plugin container

A crash protection feature isolates certain plugins from the browser process. Each plugin is loaded separately from Firefox in a plugin-container process, allowing the main Firefox process to stay open if a plugin crashes.



Secure Software Installation

A secure connection is required before you can install add-ons and other 3rd party software.

Anti-Virus Integration

Firefox integrates with your computer’s anti-virus software and scans your downloads automatically.

Privacy and Security Addons

Firefox has the best security and privacy addons available like:

  • Adblock Plus
  • NoScript Security Suite
  • Web of Trust - WOT
  • Ghostery
  • BetterPrivacy

View them all https://addons.mozilla.org/en-US/firefox/extensions/privacy-security/?sort=users

Mozilla really cares about your privacy

The guys at Mozilla respect users' privacy. They have always opposed internet censorship and surveillance. They collect no data or only limited data, and do not provide this data to any other party. Plus, having 100% open-source code pretty much makes sure they always have good code.

Do comment if you think I have missed anything.
