Securing Firefox: How to avoid hacker attacks on Mozilla's browser

Getting started

Security problems with Microsoft's dominant Internet Explorer browser helped pave the way for Mozilla Firefox to emerge as an alternative for Web surfers.

However, Firefox users should be aware that hackers can exploit software flaws and design features to launch attacks.

The following configuration changes, recommended by CERT/CC, can disable various features and set up the browser to run in a secure state, limiting the damage from malware attacks.

To get started, select Tools, then Options.

IMPORTANT NOTE: The images from these CERT/CC recommendations came from an older version of Firefox. On newer versions, the display screens will vary slightly but the advice/recommendations still apply.

21 comments
melvyn_ingram

RE: Getting started (Securing Firefox: How to avoid hacker attacks on Mozilla's browser) Excellent, brilliant! Had not thought of it, many, many thanks. Being a first timer, it has helped me greatly. Melv

ali40961

Why would you NOT use the LATEST version? Seems kinda backwards to write an article to publish TODAY using screenshots from an OLDER version.... JMHO

TJ111

I want to know how my computer can be compromised by allowing JavaScript to move or resize windows? Sure it can get annoying at times, but I see no security vulnerability there. I can understand disabling the context menu replacement, as that would be a breeding ground for phishing. All in all a nice article, might link to it from my employee page, but not much new for the webbies around here.

bill.friday

Good article. Only problem I have is that I can't print it out as one nice file which would make it even more useful.

robertsoer

Excellent! Had not thought of it, many thanks.

StillWaters

The No Script add-on is a great supplement to the JavaScript recommendation. With it you can configure Firefox to allow JavaScript on a site-by-site basis. This add-on also provides settings for trusted/untrusted sites and cross-site functionality. Cookies can be allowed site-by-site and can be limited to session cookies. This has worked well for the sites I access frequently. When clearing private data, I set the option to clear when exiting. That way nothing remains in my history for a hacker to retrieve.

Interested Amateur

I just wanted to tell you that you can configure Firefox using preferences. Type about:config in the address textbox and press Enter. This will open the preferences in Firefox so you can format many things. As an example, I have changed the dotted border around a link when it has focus from 1 pixel to 3 pixels. Now these tired, old eyes can see where the focus is without having to squint at the screen. I hope this helps, too... Interested Amateur
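The preferences that about:config edits are stored in the profile's prefs.js and user.js files, so the settings commenters raise in this thread can be checked offline. The script below is an added example, not part of the article or the CERT/CC guidance: the mapping from those settings to preference names is this example's assumption, and the sample profile is constructed.

```python
import re

# Constructed sample of a profile's user.js (not taken from the article).
SAMPLE_PREFS = '''
// constructed sample profile
user_pref("dom.disable_window_move_resize", true);
user_pref("dom.event.contextmenu.enabled", true);
user_pref("signon.rememberSignons", true);
user_pref("browser.display.focus_ring_width", 3);
'''

# Preference -> (hardened value, what a different value allows).
# Assumed mapping for the settings discussed in the comments.
HARDENED = {
    "dom.disable_window_move_resize": (True, "scripts may move or resize windows"),
    "dom.event.contextmenu.enabled": (False, "scripts may replace the context menu"),
    "signon.rememberSignons": (False, "browser offers to save passwords"),
    "privacy.sanitize.sanitizeOnShutdown": (True, "private data kept after exit"),
}

PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict of typed values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Return (pref, current, wanted, risk) for each pref not at its hardened value."""
    prefs = parse_prefs(text)
    findings = []
    for name, (want, risk) in HARDENED.items():
        have = prefs.get(name)  # None: not set in this file, browser default applies
        if have != want:
            findings.append((name, have, want, risk))
    return findings

if __name__ == "__main__":
    for name, have, want, risk in audit(SAMPLE_PREFS):
        print(f"{name}: is {have!r}, want {want!r} ({risk})")
```

A preference reported as `None` is absent from the file, so the browser's built-in default for that version applies and should be confirmed in about:config.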

martian

That's exactly what I was saying also. Kinda dumb to have screenies for an older version on a "supposed" tech site...

j.perryman

Screenshots should be for the most current version of Firefox: 2.0.0.4

Interested Amateur

I believe the bad guys can resize a redirected page so that you can't see it. You would be opening a page you can't see that automatically sends you malware. Even if I'm wrong about this it's far better to be safe than sorry and not allow resizing. I'm still learning so this is only my opinion. I'm sure someone will correct me if I'm wrong. Interested Amateur

barthelm

Good article. These seem like pretty reasonable steps to make things more secure. I agree with Bill that a printable (PDF) version of this would be helpful. It would be much easier to share with colleagues. Did I ever mention how much I hate the "save my password" feature?!!! If I've reset one I've reset 1,000 passwords because our users take the easy approach to password security (which is none) and activate this feature. Come on, people, key in your passwords; it doesn't take that much time. OK, I'm done with my morning rant...

chhatraliamd

Respected friends, Subject: I am using Windows 7 Prof. and my PC is connected to a network. 1. I am very much interested in securing my PC, which is connected to the network. 2. After installing the new Win7 Prof OS, please help me with what actions I should follow before, during and after installation of the above-said OS. 3. I am working with teaching and maintenance of instruments and also doing PC hardware maintenance, and for repairs of hard disks which software should I use? One of my hard disks is found in CMOS setup but I am not able to find it in Windows Explorer. 4. I am very much interested in configuring my Microsoft Internet Explorer 9 beta version. 5. May I know how to protect my web browser for security reasons? Waiting from your end. Warm regards, chhatraliamd

melvyn_ingram

Your help, and what I have copied, has made me more secure in using the Mozilla browser. Many thanks. Melvyn

martian

What version is this? Definitely doesn't look anything like the current one of 2.0.0.4. So this example is pretty much insecure already by using outdated software. Way to go guys...

borisb

Some of the options being recommended don't seem to exist (or are buried under a completely different drill-down path) in the current version.

sdcphoneguy

You will see that a link is provided to cert.org which puts all the info in the article on one web page. If you would like a PDF of it you can then install Foxit PDF reader (it is free) and it will allow you to print the web page to a PDF file. http://www.foxitsoftware.com

StillWaters

you meant this for my post. I'm running 2.0.0.4 and have No Script installed with the settings I indicated.

lodestone

. . . with some digging I found that all the options from the article were there. --Allen

jda_jon

You guys are right about the version and screenshots he presented. But... if you are technical enough, you should know what you're looking for.

pcorneillie

... this still does not show all the options mentioned in the screenshots. It is a real joke to show screenshots of an old version concerning a recently discovered breach in security. Could be of course that the internal policy at C|Net did not allow the editor of the article to update FF on his computer.

bmwer1

Tools, Options, then click each of the icons at the top of the page