
Security Patches

These patches tweak or enhance security-related settings and features, such as enabling HTTPS-only mode, securing PDF handling, and reducing exposure to potentially dangerous web content.

Patches

Certificate Pinning

Updates and expands the list of domains supported by Mozilla’s built-in certificate pinning.

Reason
To protect against MITM attacks by restricting which certificate authorities can issue valid certificates for included websites. Example of a real-world attack that this protects against: https://blog.mozilla.org/security/2011/08/29/fraudulent-google-com-certificate/.
Effect
Users are provided with a more secure browsing experience.

Harden PDF.js

Hardens Firefox’s built-in PDF Viewer (PDF.js).

Reason
To reduce attack surface and protect users from various attacks, with changes inspired by GrapheneOS’s PDF Viewer: https://github.com/GrapheneOS/PdfViewer.
Effect
Users are provided with a more secure PDF viewing experience, while still enjoying it from the comfort of their browser.

Enable HTTPS-Only Mode

Enables HTTPS-only mode by default.

Reason
To encrypt connections whenever possible.
Effect
Improves privacy and security by preventing unencrypted HTTP connections.

Prevent Extensions From Changing Browser Settings

Prevents extensions from changing various browser settings.

Reason
To prevent extensions from making unauthorized changes to browser settings.
Effect
Ensures browser settings aren’t changed without explicit user consent.

Increase Update Frequency

Increases the rate at which Firefox syncs with Remote Settings, from every 24 hours to hourly, and the rate at which Firefox checks for add-on updates, from every 12 hours to hourly.

Reason
To improve security for users, by ensuring they are kept up to date as fast as possible.
Effect
Protects users against security vulnerabilities and other potential threats, by ensuring their add-ons and Remote Settings are always up to date.

Enable Encrypted Storage

Enables encrypted storage (via Android’s Keystore system: https://developer.android.com/privacy-and-security/keystore) for Firefox account state.

Reason
To improve privacy and security for users, by adding extra protection for sensitive data.
Effect
Protects users against unauthorized access to, or compromise of, sensitive data.

Enable Memory Tagging

Enables memory tagging (via Android’s Arm Memory Tagging Extension: https://developer.android.com/ndk/guides/arm-mte).

Reason
To improve security for users, by improving memory safety.
Effect
Protects users against memory safety bugs.