Mozilla patched a zero day uncovered at Pwn2Own in Firefox in 22 hours on Friday.
The latest version of Firefox expands non-secure HTTP warnings, enables SHA-1 deprecation by default, and removes support for NPAPI.
The way Firefox caches intermediate CA certificates could allow for the fingerprinting of users and the leakage of browsing details, a researcher warns.
This week HTTPS hit a huge milestone. According to a two-week survey of telemetry data from the Mozilla Firefox browser, 50 percent of page loads used HTTPS.
Mozilla released a new version of Firefox on Wednesday to address a zero day vulnerability that was actively being exploited to de-anonymize Tor Browser users.
Mozilla addressed 29 vulnerabilities, three critical, when it released the latest iteration of its flagship browser, Firefox 50 on Tuesday.
Google announced Monday that it will distrust certificates issued by WoSign and StartCom when in it ships Chrome 56 in January 2017.
Martin Thomson, a Principle Engineer at Mozilla confirmed TLS 1.3 will be turned on by default in Firefox 52.
The Firefox browser will now deny TLS connections to servers using weak Diffie-Hellman keys.
Mozilla has proposed banning new SHA-1 certificates from Chinese Certificate Authority WoSign for one year after it accused the CA of back-dating the deprecated certs.