If you are a serious browser/user of the web, you know Mozilla Firefox is tops when
it comes to remaining secure. But even Firefox is not perfect. There are always
ways to improve the already outstanding security in the open source browser
with add-ons. The Firefox add-on library is massive and includes nearly any
additional feature you could want. Included in the library is an ever-growing
number of security add-ons. For those that do not want to wade through the tide
of installable features, I have brought together five of my favorite security add-ons
for Firefox. With these five added features, you should find that Firefox will
meet your highest security standards (within reason of course).
Each of these add-ons are free and can be found (and
installed) from Firefox’s add-ons manager.
1. NoScript Security Suite
Silverlight, and other executable content from running within non-trusted
domains. With this add-on you can dictate the domains which are allowed to run
executable content. This add-on goes a long way to prevent cross-site scripting
attacks, cross-zone DNS rebinding, router hacking, and Clickjacking. Domains
can be blocked permanently or on a temporary basis (Figure A).
Quickly add sites to either white or black list from the options menu.
NoScript can whitelist or blacklist a domain for easy
configuration and control. Once installed, you will also find a number of ads
get caught up in the blocking – making your browsing faster and more secure.
NoScript has plenty of options available, ranging from the simple to complex (Figure
Plenty of options available in NoScript.
2. LastPass Password Manager
Password Manager is for anyone who needs to be able to keep the only kind
of truly secure passwords – those you cannot remember. For that type of
password, you need a password manager. But why bother installing yet another
tool to have to open from your Dash, Start Menu, or Tiles? Instead, add
LastPass Password Manager and gain access to that ever-burgeoning list of
passwords. You do have to create an account with LastPass. During the setup of
LastPass, you set up your account (make sure you use a strong password here – Figure
C) and disable Firefox’s insecure password manager.
Setting up your account for LastPass.
During the setup of LastPass, you can even set up a profile
which will be used when filling in forms (Figure D) – which is much more
secure than having the browser retain your form information.
Set up a profile which will be used when filling in forms.
3. HTTPS Everywhere
is a means to force your browser to use HTTPS with all sites that support
secure HTTP. Some users don’t realize the difference between HTTP and HTTPS;
including this extension on your end-users browser will ensure you do not have
to concern yourself with educating them on the difference or how to point their
browsers to the secure version of a site. You will notice the included link
does not direct to the Firefox Extension page, but to the www.eff.org page. This was due to a Firefox
policy. Hopefully the extension will find its way back to the Extension page
soon. Upon reboot (after installation), you will be prompted to opt into the
SSL Observatory (Figure E).
Opting into the SSL Observatory.
Once installed, you will find a menu to the right of the
address bar, where you can gain quick access to the HTTPS Everywhere features.
One of the more important features is the Enable/Disable Rules (Figure F).
Enabling and disabling rules with HTTPS Everywhere.
You can enable/disable HTTPS Everywhere for all included
sites in the Rules window.
4. AdBlock Plus
Plus is one of the first add-ons you should include with Firefox. If you
find advertising slows down your browsing, it’s possible that reduction in
speed is caused by advertising. Or, if you’re trying to find that tool to
install, but get confused by the Download buttons created by advertisements, it’s
time to take control. To curtail this behavior, install AdBlock Plus. With this
add-on you can blacklist and whitelist specific advertisers. This, of course,
is a tricky proposition, as many of the sites you visit are able to offer you
free content thanks to the ads on the site. So take that into consideration
when you begin blacklisting sites. It is also possible to block known malware
domains (Figure G).
Blocking malware and removing social networking buttons with Adblock Plus.
From within the add-on preferences, you can easily add
filter subscriptions (Figure H).
Just remember to keep the Allow some non-intrusive advertising box checked.
prevents tracking by 2,000+ third-party sites. With this easy add-on you can
stop ad trackers, social widgets, and most other tracking tools before they
load. This will not only speed up your browsing, it will also effectively
prevent those endless attempts at tracking everything you do on the web. As you
use your “Disconnected” browser, you will get immediate feedback on
what is trying to track you (Figure I).
The disconnect tracking window.
After visiting a single page (clicked from within Facebook),
Disconnect caught 20 attempts at tracking and sped up the page load by 6% (Figure
Results of Disconnect blocking tracking elements.
If you’re looking to gain an edge on security within your
Firefox browser, add one or more of these add-ons and see if you’re not happier
with the level of gained security. Each of these offers a unique addition to
the open source browser, extending the capabilities and security to a more