New Firefox offers MITM protection via public key pinning
Mozilla has released the latest version of Firefox (v32) for Windows, Mac, Linux, and Android, and the new browser sports some notable security improvements.
For one, the new version has public key pinning support enabled.
“Public Key Pinning is a mechanism for sites to specify which certificate authorities have issued valid certs for that site, and for user-agents to reject TLS connections to those sites if the certificate is not issued by a known-good CA. Public key pinning prevents man-in-the-middle attacks due to rogue CAs not on the site’s list,” the company explained, adding that the lack of this support in earlier Firefox versions is why the browser did not detect the rogue SSL certificates created after the DigiNotar attack.
For now, the list of pinned sites includes Twitter and some of its subdomains, and Mozilla’s own sites. Future versions will pin additional Twitter online assets, Google’s, Dropbox, Firefox Accounts and the Tor website.
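To make the mechanism described in Mozilla’s quote concrete, here is an added illustration (not Firefox’s code) of how a browser-side pin check works: each pin is the SHA-256 hash of a CA’s DER-encoded SubjectPublicKeyInfo, and a TLS connection to a pinned host is allowed only if some certificate in the presented chain hashes to one of that host’s pins. The hostnames, SPKI byte strings and resulting pins are constructed placeholders, not the real Twitter or Mozilla pins.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """Pin value: base64 of SHA-256 over the DER-encoded SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

# Constructed stand-ins for DER SPKI blobs (real ones would come from the X.509 certs).
GOOD_CA_SPKI = b"constructed-SPKI-of-known-good-CA"
OTHER_CA_SPKI = b"constructed-SPKI-of-second-approved-CA"
ROGUE_CA_SPKI = b"constructed-SPKI-of-rogue-CA"  # a trusted-but-not-pinned CA, DigiNotar-style
LEAF_SPKI = b"constructed-SPKI-of-site-leaf-cert"

# Built-in pin list: host -> which CAs may issue for it, and whether subdomains are covered.
PINSETS = {
    "example.com": {"include_subdomains": True,
                    "pins": {spki_pin(GOOD_CA_SPKI), spki_pin(OTHER_CA_SPKI)}},
    "pinned-only.example.net": {"include_subdomains": False,
                                "pins": {spki_pin(GOOD_CA_SPKI)}},
}

def find_pinset(host: str):
    """Exact host match first, then parent domains whose entry covers subdomains."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = PINSETS.get(".".join(labels[i:]))
        if entry is None:
            continue
        if i == 0 or entry["include_subdomains"]:
            return entry["pins"]
    return None

def chain_is_pinned(host: str, chain_spkis) -> bool:
    """Decide whether to accept a chain that ordinary CA validation already passed.

    Unpinned hosts keep normal trust-store behaviour; a pinned host is accepted only
    if at least one certificate in the validated chain matches a pinned SPKI hash, so
    a certificate mis-issued by any other trusted CA is rejected as a MITM attempt.
    """
    pins = find_pinset(host)
    if pins is None:
        return True
    return any(spki_pin(spki) in pins for spki in chain_spkis)

if __name__ == "__main__":
    print(chain_is_pinned("api.example.com", [LEAF_SPKI, GOOD_CA_SPKI]))   # True
    print(chain_is_pinned("api.example.com", [LEAF_SPKI, ROGUE_CA_SPKI]))  # False
```

Note that the pin check runs after, not instead of, regular chain validation; a rogue CA that is not in the trust store at all is already rejected before pinning is consulted.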
Secondly, the company has removed some 1024-bit root certificates from its trust list (digital certificates that use 1024-bit RSA keys are no longer considered safe), and thirdly, three critical, two high and one moderate security vulnerabilities have been fixed.
This latest version also has other performance improvements, a list of which you can check out here.