The Firefox Update Prevents MITM Attacks

The Mozilla Foundation has stepped up its efforts to improve browser security with the launch of Firefox 32, adding public key pinning to try and protect users from man-in-the-middle and other attacks.

Public key pinning is a security feature that helps ensure that people are connecting to the sites they intend. Pinning allows webmasters to specify which certificate authorities (CAs) issue valid certificates for their sites, rather than accepting any one of the hundreds of built-in root certificates that ship with Firefox.

This means pinning can be used to protect Firefox users from man-in-the-middle attacks and rogue certificate authorities. When a CA mis-issues a certificate, or when the root cert for a pinned site does not match one of the known good CAs, Firefox will reject the connection.
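The pin check described above, sketched as an added example that is not from the original article or from Mozilla's code. It assumes pins are stored as base64 SHA-256 hashes of each certificate's SubjectPublicKeyInfo; the host name, CA names and key bytes are all constructed, and both chains are assumed to have already passed normal trust-store validation.

```python
import base64
import hashlib

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs; real pins
# are computed over the SPKI bytes extracted from each certificate.
SPKI = {
    "Example Root CA A": b"constructed-spki-root-ca-a",
    "Example Root CA B": b"constructed-spki-root-ca-b",
    "Example Intermediate A1": b"constructed-spki-intermediate-a1",
    "Example Intermediate B1": b"constructed-spki-intermediate-b1",
    "shop.example leaf (legit)": b"constructed-spki-leaf-legit",
    "shop.example leaf (mis-issued)": b"constructed-spki-leaf-rogue",
}


def spki_pin(spki_der):
    """Base64 of SHA-256 over the SPKI bytes (assumed pin encoding)."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# Hypothetical pin set: shop.example only accepts chains through Root CA A.
PINSET = {"shop.example": {spki_pin(SPKI["Example Root CA A"])}}


def check_pins(host, chain):
    """Return True if an already-validated chain satisfies the host's pins.

    A host without pins is unaffected. A pinned host passes only when at
    least one certificate in its chain carries a pinned public key.
    """
    pins = PINSET.get(host)
    if pins is None:
        return True
    return any(spki_pin(SPKI[name]) in pins for name in chain)


# Both roots are trusted by the browser, so both chains validate normally.
LEGIT_CHAIN = ["shop.example leaf (legit)", "Example Intermediate A1",
               "Example Root CA A"]
ROGUE_CHAIN = ["shop.example leaf (mis-issued)", "Example Intermediate B1",
               "Example Root CA B"]

if __name__ == "__main__":
    for label, chain in (("legit", LEGIT_CHAIN), ("mis-issued", ROGUE_CHAIN)):
        verdict = "accept" if check_pins("shop.example", chain) else "reject"
        print(label, "->", verdict)
```

The mis-issued chain is rejected even though its root is trusted, which is the case ordinary certificate validation alone does not catch.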

firefox public key pinning

Here is an example of an error message generated by the public key pinning feature in Firefox.

firefox public key pinning MITM

The change is among a number of enhancements offered in the new version, now available for Windows, Mac, Linux and Android users.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]
