Mozilla has responded to a recent damning security assessment by improving how encryption is handled inside the Firefox browser to make browsing safer.
In response to various bugs pointed out by the Pwn2Own browser security competition last month, Firefox 37 has a number of improvements headed by the addition of "opportunistic encryption" to any sites supporting the HTTP/2 AltSvc standard.
It basically means that Firefox users will be safeguarded against passive (dragnet) surveillance. However, users could still be susceptible to man-in-the-middle attacks, something that is protected by HTTPS encryption.
Other browsers hit too
The new version also supports encrypted Bing search, includes the OneCRL list of revoked certificates to protect users from forged certificates and has updated TLS encryption. The Heartbeat user rating system, which allows users to rate and promote Firefox through other means, will also start to roll out to certain users.
Firefox was by no means the only one to suffer at the Pwn2Own hacking competition. Hackers also found bugs in Internet Explorer 11, Adobe Reader and Flash, Apple's Safari browser, and Google Chrome.
No comments:
Post a Comment