Mozilla has released the latest version of its Firefox browser with a brand new security feature by improving the way encryption is managed in the Firefox. New Firefox 37 version has been released for various platforms: Windows, Linux, OS X and Android. At last month’s Pwn2Own browser security competition, various bugs were found in all existing web browsers and this release deals and fixes them all. Firefox 37 now has a new feature called “opportunistic encryption” for any website that supports HTTP/2 AltSvc standard.
Apart from Firefox, at the Pwn2Own hackathon, hackers found bugs in Google Chrome, Safari, IE 11 and Adobe’s Reader and Flash.
What is Opportunistic Encryption?
In simpler language, opportunistic encryption implemented in Firefox 37 is something between a full HTTP encryption and no encryption, and is easy to implement. Now the Firefox browser will encrypt the data over the plaintext HTTP connection and it won’t have to worry about authentication. Thus, this opportunistic encryption could be implemented very easily and it will help you to get at least some security against the passive surveillance. This will be helpful if you aren’t using any encryption techniques.
Mozilla’s Patrick McManus writes on his blog:
“OE provides unauthenticated encryption over TLS for data that would otherwise be carried via clear text. This creates some confidentiality in the face of passive eavesdropping, and also provides you much better integrity protection for your data than raw TCP does when dealing with random network noise. The server setup for it is trivial.”
McManus stressed on the fact that opportunistic encryption is a big bonus for HTTP, but it isn’t as good as HTTPS. Opportunistic encryption doesn’t help you to protect yourself from active man-in-the-middle (MITM) attackers.
What are the other improvements?
Apart from this opportunistic encryption, Firefox 37 provides an additional way to cope up with bad security certificates. A new feature named OneCRL will push bad and revoked certificates to the web browser. Firefox also adds HTTPS to Bing.
Firefox also introduced Heartbeat user rating system to gather user feedback and include it into the upcoming Firefox releases.
Beyond support for OE, the latest build of Firefox also adds an improved way to protect against bad security certificates. The new feature called OneCRL lets Mozilla push lists of revoked certificates to the browser instead of depending on an online database.
Download Firefox 37 from the links given below:
Are you going to install the new and more secure Firefox 37? Tell us in comments!
Stay tuned for latest technology and security updates from fossBytes!