Despite its recent spate of
security vulnerabilities, the Mozilla-based Firefox browser appears to be
as popular as ever. While the browser’s growth has
somewhat slowed, Firefox continues to gain on Microsoft’s Internet
Explorer.
Firefox’s default installation is actually pretty secure. However,
the number of Firefox users continues to increase, and such popularity often
spells more attention from attackers. With so many people using Firefox, it’s a
good idea to add a standard layer of security to better protect your organization’s
users.
Let’s walk through Firefox’s Options window (which you can
access by going to Tools | Options) and look at some tweaks you can make to
boost the security of the browser. Keep in mind that all of these suggested
settings assume that the user login is for a single user and not shared among
multiple users.
The Options window has five sections: General, Privacy, Web
Features, Downloads, and Advanced. Because the General section focuses more on
the browser’s look and feel, we’ll skip this one.
Privacy
- History: This setting is self-explanatory.
All you need to do is set it to a reasonable number of days. The default
is nine days.
- Saved Form Information: This is a handy
feature for all single-user profiles; it lets the browser remember what
you’ve typed in the past and automatically make suggestions. It’s safe to enable
the feature.
- Saved Passwords: This setting is more
of a gray area. You tell users to remember passwords—should you allow
their browsers to remember passwords as well? I recommend allowing this
feature and setting the master password for workstations that don’t leave
your company area. If the system is a laptop, deselect the Remember
Passwords option. That way, if someone steals the machine and accesses the
account, the thief won’t have access to every saved password a user has stored.
- Download Manager History: There’s
no need to keep track of all of your downloads, so I suggest setting it to
Remove Files From The Download Manager When Firefox Exits.
- Cookies: This is a hotly debated
subject. I recommend selecting Allow Sites To Set Cookies and choosing For
The Originating Web Site Only. In addition, select the Until I Close
Firefox option for how long the browser should store the cookies. With
this last option, cookies only help you browse while you’re using the
machine, but they don’t provide endless browsing habit information to
cookie vendors.
- Cache: For this setting, decide on
a reasonable amount of disk space.
Web Features
- Block Popup Windows: I suggest
selecting this check box—it’s a feature every browser should have.
- Allow Web Sites To Install Software:
Go ahead and select this check box. When you allow a site to install
software, Firefox will add it to the Allowed Sites list.
- Load Images: Select both this check
box and the For The Originating Web Site Only check box. You can always go
back and specifically allow or block individual sites.
- Enable Java: Select this check box.
- Enable JavaScript: Select this
check box; clicking the Advanced button opens the Advanced JavaScript
Options window.
Downloads
- Download Folder: I suggest
creating a Downloads folder for storing all of your downloads. This makes
it easier to scan your downloads once you’re finished.
- Download Manager: I recommend
selecting both check boxes: Show Download Manager Window When A Download
Begins and Close The Download Manager When All Downloads Are Complete.
- File Types: I wouldn’t allow any
Microsoft product to perform any action automatically—that’s likely one of
the reasons you’re using the Firefox browser.
Advanced
- Accessibility, Browsing, and Tabbed Browsing:
All three areas are functional and involve no security issues.
- Software Update: Select the
Firefox check box, which allows the browser to update itself. I recommend not selecting the My Extensions And
Themes check box to allow for updates.
- Security: To provide maximum cross-site
functionality, I suggest selecting all three check boxes: Use SSL 2.0, Use
SSL 3.0, and Use TLS 1.0.
- Certificates: Under Client
Certificate Selection, select the Ask Every Time check box, which focuses
user attention on the start of a secure session.
- Validation: Under OCSP (Online
Certificate Status Protocol), select the Use OCSP To Validate Only Certificates
That Specify An OCSP Service URL option.
Final thoughts
After running through all of these various Firefox settings,
you might be wondering how to deal with security zones, browser helper objects
(BHOs), and ActiveX. Don’t worry: These are Microsoft inventions that support Microsoft
products. As long as you use Firefox, they won’t bother you anymore.
Mike Mullins has served as an assistant
network administrator and a network security administrator for the U.S. Secret
Service and the Defense Information Systems Agency. He is currently the
director of operations for the Southern Theater Network Operations and Security
Center.