Thursday, 4 September 2014

New Firefox 32 Adds Protection Against MiTM Attack and Rogue Certificates

Good news for Firefox lovers! The Mozilla Foundation has introduced a bunch of new features in Firefox to improve browser security with the launch of Firefox 32, now available for Windows, Mac, Linux, and Android platforms.

The new version of Firefox makes the browser even more competitive. Firefox version 32 has some notable improvements, including a new HTTP cache for improved performance, public key pinning (a defense that helps protect users from man-in-the-middle and other attacks), and easy language switching on Android.

PUBLIC KEY PINNING ENABLED BY DEFAULT
In the latest Firefox version 32, Mozilla has enabled Public Key Pinning support by default, which will protect its users from man-in-the-middle attacks and rogue certificate authorities.

Public key pinning is a security measure that assures people that they are connecting to the websites they intend to reach. Pinning allows users to keep track of certificates in order to specify which certificate authorities (CAs) have issued valid certificates for their sites, rather than accepting any one of the hundreds of built-in root certificates that ship with Firefox.
According to Mozilla, pinning will improve the security of implementations such as TLS. It “allows site operators to specify which CAs issue valid certificates for them, rather than accepting any one of the hundreds of built-in root certificates that ship with Firefox.
If any certificate in the verified certificate chain corresponds to one of the known good (pinned) certificates, Firefox displays the lock icon as normal. When the root cert for a pinned site does not match one of the known good CAs, Firefox will reject the connection with a pinning error,” Firefox said in a blog post.
Moreover, a bunch of 1024-bit trust certificates have been removed from the list that Firefox trusts.
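
The chain check Mozilla describes above, sketched in Python as an added example (not Firefox's code and not from the original post). It assumes the chain has already been validated, that pins are base64 SHA-256 hashes of each certificate's SubjectPublicKeyInfo, and it runs on constructed certificate skeletons; `fake_cert`, `PINSET` and the other names are hypothetical.

```python
import base64
import hashlib

def tlv(tag, body):  # DER encoder, used only to build the constructed samples
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        size = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def spki_of(cert_der):
    """Return the encoded SubjectPublicKeyInfo element of a DER certificate."""
    _, start, _ = read_tlv(cert_der, 0)       # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, start)     # tbsCertificate SEQUENCE
    skip = 6 if cert_der[pos] == 0xA0 else 5  # [0] version is optional (absent in v1)
    for _ in range(skip):                     # serial, sigAlg, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    return cert_der[pos:read_tlv(cert_der, pos)[2]]

def pin(spki):
    """Assumed pin format: base64 of SHA-256 over the encoded SPKI."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()

def chain_is_pinned(verified_chain, pinset):
    """Accept if any certificate in the already verified chain carries a pinned key."""
    return any(pin(spki_of(cert)) in pinset for cert in verified_chain)

def fake_cert(name, key):
    """Constructed skeleton: certificate layout, placeholder fields, no real signature."""
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key))
    who = tlv(0x30, tlv(0x0C, name))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
              + who + tlv(0x30, b"") + who + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

# Constructed sample chains: the same leaf under a pinned CA and under another CA.
LEAF = fake_cert(b"leaf", b"L" * 64)
GOOD_CA, ROGUE_CA = fake_cert(b"pinned-ca", b"G" * 270), fake_cert(b"other-ca", b"R" * 270)
PINSET = {pin(spki_of(GOOD_CA))}
```

`chain_is_pinned([LEAF, GOOD_CA], PINSET)` accepts, while the same leaf presented under `ROGUE_CA` is rejected even though a browser without pins would trust any CA in its root store.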

HTTP CACHE IMPROVES PERFORMANCE
The new version includes a new HTTP cache, which first made it into the code base back in May in the Nightly builds and beta versions and has now arrived in a stable release. This is probably the biggest addition in the latest update, since it brings improved performance and better crash recovery to all platforms.
Improvements:
  • request prioritization optimized for first-paint time,
  • ahead of read data pre-loading to speed up large content load,
  • delayed writes to not block first paint time,
  • pool of most recently used response headers to allow 0ms decisions on reuse or re-validation of a cached payload,
  • 0ms miss-time look-up via an index,
  • smarter eviction policies using frecency algorithm,
  • resilience to crashes and zero main thread hangs or jank, and
  • consumes less memory

ANDROID UPDATES
The new Firefox 32 for Android lets you switch between any of 55 languages without restarting the application, regardless of the language you originally downloaded the browser in or the locales supported by your device. Mozilla also added six more languages in this release: Armenian, Basque, Fulah, Icelandic, Scottish Gaelic and Welsh.

The latest update also lets you easily clear your app’s browsing history at the end of every browsing session by tapping the new option at the bottom of your History home screen page.

The full change log is provided here. A number of security advisories are also addressed in the latest Firefox version 32.

Firefox version 32 is available from the official Firefox website. All existing users should be able to upgrade to it automatically.

Reference: http://thehackernews.com/
