The Firefox Update Prevents MITM Attacks

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0

The Mozilla Foundation has stepped up its efforts to improve browser security with the launch of Firefox 32, adding public key pinning to try and protect users from man-in-the-middle and other attacks.

Public key pinning security feature that helps ensure that people are connecting to the sites they intend. Pinning allows webmasters to specify which certificate authorities (CAs) issue valid certificates for their sites, rather than accepting any one of the hundreds of built-in root certificates that ship with Firefox.

This means pinning can be used to protect Firefox users from man-in-the-middle-attacks and rogue certificate authorities. Whether a CA mis-issues a certificate, or when the root cert for a pinned site does not match one of the known good CAs, Firefox will reject the connection.

firefox public key pinning
firefox public key pinning

Here is an example of an error message generated by the public key pinning feature in Firefox.

firefox public key pinning MITM
firefox public key pinning MITM

The change is among a number of enhancements offered in the new version, now available for Windows, Mac, Linux and Android users.

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0