New Firefox offers MITM protection via public key pinning
Posted on 03 September 2014.
Mozilla has released the latest version of Firefox (v32) for Windows, Mac, Linux, and Android, and the new browser sports some notable security improvements.

For one, the new version has public key pinning support enabled.

"Public Key Pinning is a mechanism for sites to specify which certificate authorities have issued valid certs for that site, and for user-agents to reject TLS connections to those sites if the certificate is not issued by a known-good CA. Public key pinning prevents man-in-the-middle attacks due to rogue CAs not on the site's list," the company explained, adding that Firefox's lack of pinning support was the reason they did not detect the rogue SSL certificates created after the DigiNotar attack.

For now, the list of pinned sites includes Twitter and some of its subdomains, and Mozilla's own sites. Future versions will pin additional Twitter online assets, Google's sites, Dropbox, Firefox Accounts and the Tor website.
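The decision rule described above, as an added example that is not code from Firefox or Mozilla: a pin is the SHA-256 digest of a certificate's SubjectPublicKeyInfo, and a validated chain is accepted only if at least one certificate in it matches a pin for the site. The SPKI byte strings below are constructed placeholders, not real DER keys.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Pin format: hash name plus base64 of SHA-256 over the DER SPKI."""
    digest = hashlib.sha256(spki_der).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")


def chain_is_pinned(chain_spkis, pinned) -> bool:
    """True if any certificate in the already path-validated chain
    (leaf first, then intermediates and root) carries a pinned key.
    Pinning does not replace normal validation; it only narrows which
    trusted chains are acceptable for this site."""
    return any(spki_pin(spki) in pinned for spki in chain_spkis)


# Constructed stand-ins for DER-encoded SPKI blobs (labels, not real keys).
LEGIT_ROOT_SPKI = b"constructed-spki:legitimate-root-ca"
LEGIT_INTERMEDIATE_SPKI = b"constructed-spki:legitimate-intermediate-ca"
SITE_LEAF_SPKI = b"constructed-spki:example-site-leaf"
# A CA the browser's trust store accepts but which the site never used.
OTHER_TRUSTED_CA_SPKI = b"constructed-spki:other-trusted-ca"
MISISSUED_LEAF_SPKI = b"constructed-spki:misissued-leaf-for-example-site"

# The site pins the keys of the CAs it actually uses (root and intermediate),
# not its leaf, so routine leaf renewals do not break the pin set.
PINS = {spki_pin(LEGIT_ROOT_SPKI), spki_pin(LEGIT_INTERMEDIATE_SPKI)}


def legitimate_chain_accepted() -> bool:
    chain = [SITE_LEAF_SPKI, LEGIT_INTERMEDIATE_SPKI, LEGIT_ROOT_SPKI]
    return chain_is_pinned(chain, PINS)


def misissued_chain_rejected() -> bool:
    # DigiNotar-style case: a certificate for the pinned site issued by a CA
    # that chains to the trust store but is absent from the site's pin list.
    chain = [MISISSUED_LEAF_SPKI, OTHER_TRUSTED_CA_SPKI]
    return not chain_is_pinned(chain, PINS)
```

A chain that passes ordinary trust-store validation can still be refused here, which is exactly the gap the article says pinning closes.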

Secondly, the company has removed some 1024-bit root certificates from its trust list (certificates that use 1024-bit RSA keys are no longer considered safe), and thirdly, three critical, two high-severity and one moderate-severity security vulnerabilities have been fixed.

This latest version also has other performance improvements, a list of which you can check out here.