Firefox 32 Debuts With Improved SSL Security
The new open-source Mozilla browser release supports public-key pinning and fixes half a dozen vulnerabilities.
Mozilla is out today with its Firefox 32 release, providing users of the open-source Web browser with new security fixes and features. Firefox 32 now provides support for public-key pinning, which enables enhanced security for Secure Sockets Layer (SSL) certificate authenticity. "Key pinning allows site operators to specify which certificate authorities [CAs] may issue valid certificates for them, rather than accepting any of the many CAs that are trusted," Sid Stamm, senior engineering manager for security and privacy at Mozilla, explained to eWEEK. "This helps reduce the chance that any CA compromise can be leveraged to issue for the site." There have been multiple incidents in the past several years where CAs were somehow compromised, including incidents at Comodo and, in particular, DigiNotar.
The new key-pinning feature joins multiple mechanisms used by modern Web browsers to help ensure the integrity and authenticity of SSL certificates. Mozilla has long supported the Online Certificate Status Protocol (OCSP), which is used by the browser to check with a CA on the status of a given certificate. An extension of OCSP is a technique known as OCSP Stapling, which helps accelerate the SSL certificate status-checking process.
Going a step further to help improve security, Firefox 32 removes a number of 1,024-bit trust certificates from the browser.
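
The key-pinning check described above, sketched as an added example (this is not Firefox's code): a chain that ends in a trusted CA is still rejected for a pinned site unless one of its public keys is in that site's pin set. The host names, the key byte strings and the use of a base64 SHA-256 hash of each public key as the pin are assumptions made for the illustration.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Base64 SHA-256 of a public-key blob, used here as the pin value."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


# Constructed stand-ins for DER-encoded public keys (not real keys).
CA_A_KEY = b"constructed-spki-ca-a"
CA_B_KEY = b"constructed-spki-ca-b"
LEAF_GOOD = b"constructed-spki-leaf-issued-by-a"
LEAF_ROGUE = b"constructed-spki-leaf-issued-by-b"

# Both CAs are in the browser's trust store.
TRUSTED_ROOTS = {spki_pin(CA_A_KEY), spki_pin(CA_B_KEY)}

# The site operator allows only CA A (hypothetical host name).
PINS = {"pinned.example": {spki_pin(CA_A_KEY)}}


def evaluate(host, chain_spkis):
    """Return 'ok', 'untrusted' or 'pin-mismatch' for an already-built chain.

    chain_spkis lists the public-key bytes of each certificate, leaf first.
    Signature, expiry and revocation checks are assumed to happen elsewhere.
    """
    hashes = [spki_pin(k) for k in chain_spkis]
    if not hashes or hashes[-1] not in TRUSTED_ROOTS:
        return "untrusted"
    pins = PINS.get(host)
    if pins is None:
        return "ok"  # unpinned host: any trusted CA is accepted
    # Pinned host: at least one key in the chain must be in the pin set.
    return "ok" if pins.intersection(hashes) else "pin-mismatch"


if __name__ == "__main__":
    print(evaluate("pinned.example", [LEAF_GOOD, CA_A_KEY]))
    print(evaluate("pinned.example", [LEAF_ROGUE, CA_B_KEY]))
    print(evaluate("other.example", [LEAF_ROGUE, CA_B_KEY]))
```

The second call is the CA-compromise case: CA B is trusted by the browser, yet a certificate it issues for the pinned host fails the check.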