The Firefox Update Prevents MITM Attacks


The Mozilla Foundation has stepped up its efforts to improve browser security with the launch of Firefox 32, adding public key pinning to try and protect users from man-in-the-middle and other attacks.

Public key pinning is a security feature that helps ensure that people are connecting to the sites they intend. Pinning allows webmasters to specify which certificate authorities (CAs) issue valid certificates for their sites, rather than accepting any one of the hundreds of built-in root certificates that ship with Firefox.

This means pinning can be used to protect Firefox users from man-in-the-middle attacks and rogue certificate authorities. When a CA mis-issues a certificate, or when the root cert for a pinned site does not match one of the known good CAs, Firefox will reject the connection.
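The pin check described above, sketched as an added example (not Firefox's code). It assumes pins are stored as SHA-256 hashes of each certificate's public-key structure (SPKI); the host names, pin set and key bytes are constructed for illustration.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """Pin value: base64 of SHA-256 over a certificate's SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo structures.
GOOD_ROOT_SPKI = b"constructed-spki: known good root CA"
ROGUE_ROOT_SPKI = b"constructed-spki: rogue root CA"
INTERMEDIATE_SPKI = b"constructed-spki: intermediate CA"
LEAF_SPKI = b"constructed-spki: site leaf key"

# Hypothetical pin set: host -> (allowed pins, whether subdomains are covered).
PINSETS = {
    "pinned.example": ({spki_pin(GOOD_ROOT_SPKI)}, True),
}

def find_pinset(host):
    """Return the pin set covering host, walking up through parent domains."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = PINSETS.get(".".join(labels[i:]))
        # A parent domain's pins apply only if it covers subdomains.
        if entry and (i == 0 or entry[1]):
            return entry[0]
    return None

def check_pins(host, chain_spkis):
    """Decide whether an already-validated chain satisfies the host's pins.

    chain_spkis holds the SPKI bytes of each certificate, leaf first, root last.
    Returns (accepted, reason).
    """
    pins = find_pinset(host)
    if pins is None:
        return True, "host not pinned"
    if any(spki_pin(spki) in pins for spki in chain_spkis):
        return True, "chain contains a pinned key"
    return False, "pin mismatch: no key in chain matches the pin set"

if __name__ == "__main__":
    rogue_chain = [LEAF_SPKI, INTERMEDIATE_SPKI, ROGUE_ROOT_SPKI]
    print(check_pins("www.pinned.example", rogue_chain))
```

The check runs after ordinary certificate validation, so a chain that is valid under some other trusted root is still rejected for a pinned host.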


Here is an example of an error message generated by the public key pinning feature in Firefox.

[Image: Firefox public key pinning error message]

The change is among a number of enhancements offered in the new version, now available for Windows, Mac, Linux and Android users.
