Mozilla Security Blog

Upgrading Mozilla’s Root Store Policy to Version 2.7.1

Ben Wilson

April 26, 2021

Individuals’ security and privacy on the internet are fundamental. Living up to that principle we are announcing the following changes to Mozilla’s Root Store Policy (MRSP) which will come into … Read more

Firefox 88 combats window.name privacy abuses

Tim Huang

April 19, 2021

We are pleased to announce that Firefox 88 is introducing a new protection against privacy leaks on the web. Under new limitations imposed by Firefox, trackers are no longer able … Read more

Firefox 87 introduces SmartBlock for Private Browsing

Thomas Wisniewski

March 23, 2021

Today, with the launch of Firefox 87, we are excited to introduce SmartBlock, a new intelligent tracker blocking mechanism for Firefox Private Browsing and Strict Mode. SmartBlock ensures that strong … Read more

Firefox 87 trims HTTP Referrers by default to protect user privacy

Dimi Lee and Christoph Kerschbaumer

March 22, 2021

We are pleased to announce that Firefox 87 will introduce a stricter, more privacy-preserving default Referrer Policy. From now on, by default, Firefox will trim path and query string … Read more

Firefox 86 Introduces Total Cookie Protection

Tim Huang, Johann Hofmann and Arthur Edelstein

February 23, 2021

Today we are pleased to announce Total Cookie Protection, a major privacy advance in Firefox built into ETP Strict Mode. Total Cookie Protection confines cookies to the site where they … Read more

Firefox 85 Cracks Down on Supercookies

Steven Englehardt and Arthur Edelstein

January 26, 2021

Trackers and adtech companies have long abused browser features to follow people around the web. Since 2018, we have been dedicated to reducing the number of ways our users can … Read more

Encrypted Client Hello: the future of ESNI in Firefox

Kevin Jacobs

January 7, 2021

Background Two years ago, we announced experimental support for the privacy-protecting Encrypted Server Name Indication (ESNI) extension in Firefox Nightly. The Server Name Indication (SNI) TLS extension enables server and … Read more

Design of the CRLite Infrastructure

J.C. Jones

December 1, 2020

Firefox is the only major browser that still evaluates every website it connects to whether the certificate used has been reported as revoked. Firefox users are notified of all connections … Read more

Measuring Middlebox Interference with DNS Records

Austin Hounsel

November 17, 2020

Overview The Domain Name System (DNS) is often referred to as the “phonebook of the Internet.” It is responsible for translating human readable domain names–such as mozilla.org–into IP addresses, which … Read more

Firefox 83 introduces HTTPS-Only Mode

Christoph Kerschbaumer, Julian Gaibler, Arthur Edelstein and Thyla van der Merwe

November 17, 2020

Security on the web matters. Whenever you connect to a web page and enter a password, a credit card number, or other sensitive information, you want to be sure … Read more

Preloading Intermediate CA Certificates into Firefox

Dana Keeler

November 13, 2020

Throughout 2020, Firefox users have been seeing fewer secure connection errors while browsing the Web. We’ve been improving connection errors overall for some time, and a new feature called Intermediate … Read more

Firefox 79 includes protections against redirect tracking

Steven Englehardt

August 4, 2020

A little over a year ago we enabled Enhanced Tracking Protection (ETP) by default in Firefox. We did so because we recognize that tracking poses a threat to society, user … Read more