Language Selection

English French German Italian Portuguese Spanish

Mozilla Security

Filed under
Moz/FF
  • Mozilla Releases Thunderbird 38.5 with Address Book Improvements, Security Fixes

    Today, January 7, 2016, Mozilla has announced the immediate availability for download of the Mozilla Thunderbird 38.5.0 email, news and chat client for all supported platforms, including Microsoft Windows, Mac OS X, and GNU/Linux.

  • Mozilla Re-enables SHA-1 Certificate Support in Firefox

    SHA-1 does still matter as Mozilla backtracks on support. However, don't expect the company to support SHA-1 for the long term.

  • Man-in-the-Middle Interfering with Increased Security

    According to the plan we published earlier for deprecating SHA-1, on January 1, 2016, Firefox 43 began rejecting new certificates signed with the SHA-1 digest algorithm. For Firefox users with unfiltered access to the Internet, this change probably went unnoticed, since there simply aren’t that many new SHA-1 certs being used. However, for Firefox users who are behind certain “man-in-the-middle” devices (including some security scanners and antivirus products), this change removed their ability to access HTTPS web sites. When a user tries to connect to an HTTPS site, the man-in-the-middle device sends Firefox a new SHA-1 certificate instead of the server’s real certificate. Since Firefox rejects new SHA-1 certificates, it can’t connect to the server.