-
Getting started
Security problems with Microsoft's dominant Internet Explorer browser helped pave the way for Mozilla Firefox to emerge as an alternative for Web surfers.
However, Firefox users should be aware that hackers can exploit software flaws and design features to launch attacks.
The following configuration changes, recommended by CERT/CC, can disable various features and set up the browser to run in a secure state, limiting the damage from malware attacks.
To get started, select Tools, then Options.
IMPORTANT NOTE: The images from these CERT/CC recommendations came from an older version of Firefox. On newer versions, the display screens will vary slightly but the advice/recommendations still apply.
-
Set your default browser and home page
In the General tab, you can manually set your home page and check to ensure Firefox is your default browser.
-
Privacy and cookies
In the Privacy tab, select the Cookies sub-category. Here you can disable cookies or change your preferences for how the browser handles them.
CERT/CC recommends enabling cookies for the original site only. Additionally, if you enable the option "unless I have removed cookies set by the site", a web site is "blacklisted" from setting cookies once its cookies have been removed manually.
-
Storing passwords
In general, CERT/CC recommends you do not use the Firefox feature to store passwords.
If you decide to use the feature, be sure to use the measures available to protect the password data on your computer.
Under Firefox's Privacy category, the Passwords subcategory contains various options to manage stored passwords, and a Master Password feature to encrypt the data on your system.
Use this option if you decide to let Mozilla Firefox manage your passwords.
-
Disabling Java
From the Content category, you can configure Firefox to block pop-up ads and warn when web sites try to install extensions or themes.
You should also disable Java unless it is required by the site you wish to visit. Again, you should determine whether the site is trustworthy and whether you want to enable Java to view its content.
Click on "Advanced" to disable specific JavaScript features. See next slide...
-
Disabling JavaScript
This is a continuation of the previous slide. CERT/CC recommends disabling all of the options displayed in this dialog.
-
Downloading files
Firefox's Downloads tab offers the option to change actions taken when files are downloading.
Any time a file type is configured to open automatically with an associated application, this can make the browser more dangerous to use. Vulnerabilities in these associated applications can be exploited more easily when they are configured to open automatically.
Click the View & Edit Actions button to view the current download settings and modify them if necessary.
-
Configuring download actions
The Download Actions dialog shows the file types and the actions the browser will perform when it encounters a given file type.
For any file type listed, click on either Remove Action or Change Action.
See next slide...
-
Saving files
If you click on Change Action (from previous slide), select Save them on my computer to save files of that type to the computer.
This helps prevent automated exploitation of vulnerabilities that may exist in these applications.
-
Clear private data
Firefox includes a feature to Clear Private Data to give users the option to remove potentially sensitive information from the web browser.
Click on Tools, then Save Private data to find the settings (See next slide...)
-
Removing private data
This is where you can configure Firefox to remove potentially sensitive data from the browser (see previous slide).
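To check an existing profile against the settings above without clicking through each dialog, the following added example (not part of the CERT/CC guidance or this slideshow) parses a prefs.js file and reports values that differ from the recommendations. The about:config preference names are this example's assumed mapping to older Firefox releases, and the sample profile is constructed.

```python
import re

# Assumed mapping: about:config names from older Firefox releases, chosen by
# this example to stand for the dialog settings; they are not from the page.
RECOMMENDED = {
    "network.cookie.cookieBehavior": 1,      # cookies for the original site only
    "signon.rememberSignons": False,         # do not store passwords
    "security.enable_java": False,           # Java disabled
    "dom.disable_open_during_load": True,    # block pop-ups
    "xpinstall.whitelist.required": True,    # warn on extension/theme installs
    "dom.disable_window_move_resize": True,  # an advanced JavaScript option, off
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref("name", value); line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """List (name, found, wanted); found is None when the pref is unset."""
    prefs = parse_prefs(text)
    # Compare types too, so integer 1 never passes for boolean true.
    return [(n, prefs.get(n), w) for n, w in RECOMMENDED.items()
            if type(prefs.get(n)) is not type(w) or prefs.get(n) != w]

# Constructed sample profile, not taken from a real installation.
SAMPLE = """# Mozilla User Preferences
user_pref("network.cookie.cookieBehavior", 0);
user_pref("signon.rememberSignons", false);
user_pref("security.enable_java", true);
user_pref("browser.startup.homepage", "https://example.org/");
"""

if __name__ == "__main__":
    for name, have, want in audit(SAMPLE):
        print(f"{name}: found {have!r}, recommended {want!r}")
```

A preference reported as None is not set in the file, so the browser's built-in default applies and should be confirmed in the Options dialog.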