Mozilla Security

Whether you’re using the Web or checking your email, you care about your security and privacy. In the Mozilla project we understand the importance of security. Here you will find alerts and announcements on security and privacy issues, general tips for surfing the Web and using email more securely, more information about how we maintain and enhance the security of our products, and useful links for Web developers.

The latest security updates will be delivered to most users automatically. Users who have turned off automatic updates can use the "Check for Updates..." item on the Help menu. If the menu item is disabled your account does not have sufficient privileges to update Firefox--contact the person who installed Firefox on your machine. Additional help is also available through our Community Support site.

Tips for Secure Browsing

  • Always use the most current version of your browser.
  • Check for the "lock" icon on the status bar that shows that you are on a secured web site. Also check that the URL begins with "https" in the location bar when making transactions online.
  • In the Tools menu of Firefox, Tools > Options... > Privacy, you can clear your information with one click of a button. This is especially useful when using a computer in a public location.
  • Perform transactions (like shopping or submitting personal information) at sites that are well established and that are familiar to you. If you're not familiar with a site, make sure that the site has a privacy policy and information about the site's security measures.

Tips for Using Email Securely

  • Be aware that it is extremely easy for someone to forge an email message to make it appear as if the message has been sent by your bank, a software vendor (e.g., Microsoft), or another entity with whom you do business. If a message requests that you send your password or other private information, or asks that you run or install an attached file, then it is very likely that the message is not legitimate. When in doubt, just mark the message as "junk" and delete it.
  • Be cautious when clicking on links sent to you in email messages. If you do click on such a link, double-check the name of the site as shown in the location bar of the browser, and be especially careful if the site name displayed is an IP address (e.g., "192.168.25.75") instead of a domain name (e.g., "www.example.com"); in the former case it is very likely the site is not legitimate. Don't enter any personal information into forms displayed at such a site, and if you have any concerns whatsoever about your security, just close the browser window.

For Developers: Contacting Mozilla

Report security-related bugs and learn more about how we secure our products:

  • If you believe that you've found a Mozilla-related security vulnerability, please report it by sending email to the address security@mozilla.org. Note that your report may be eligible for a reward; see below.
  • For more information on how to report security vulnerabilities and how the Mozilla community will respond to such reports, see our policy for handling security bugs.
  • We want to make Firefox, Thunderbird, the Mozilla Suite, and other Mozilla products as secure as possible, and want to encourage research, study, timely disclosure, and rapid fixing of any serious security vulnerabilities. We've established a Security Bug Bounty Program to reward people who help us reach that objective.
  • Mozilla-based products include a default list of CA certificates used when connecting to SSL-enabled servers and in other contexts. If you are a CA and would like your CA certificate(s) considered for inclusion in Mozilla, please see the Mozilla CA certificate policy.
  • We encourage you to learn more about our Mozilla security projects and participate in the development of security features and capabilities in our products.

Press Contact: send mail to press at mozilla dot com.

The PGP key for security@mozilla.org below can be used to send encrypted mail or to verify responses received from that address. We changed keys on October 23, 2014. Please see our signed transition statement for confirmation.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFRHBBcBEAC+utk9cOqhREG2LelV/W2uLuJZ4H0YMHB3mrLfTZNekL1Q1Av8
m0dQU2hvuP86MlZOfFzWDbeQ/O9ym5o6QfOkZbfPWJRj5IFlxqSPkTpYWXdGP8dw
bTqHtiISV4SZvWxNmTp50TLTQdHJfkGPVFyezD/ZKd8ZFyKoojVe+6DoYr/+W0st
1TTplSOrNGHFgKUi/hdkdyq+ga+ARk2KYqO+Myiz2pjjnlErmQo81k3zdthrwN5P
WXNMQRuptI9xEo/CBPDo3xtH/fnbclfuIYKyAitrIIl75AQpPG8AcdNCRHJKgGpH
CPPzovAuNfv5nclxUJ3Otqm1gAq684WOmroP9fyQAwZswbpBpWdoQMyNlE8WKaUp
dGHlOXimmiz20/2AtwsuztSNJ/ezht4q5Zy3P16J5Q1iJ7y6VC8LodS0eC3enqBh
zonf1j3zBFMxIjnYH72H49Uw+yOmO4yfhOWq5cBZ1M5HHPuqC4u7F7GJri+ZLxB7
L3dnh5zWgWl7622MWqqxAbe9RDqbMxzOZPDyeW3GqpuJhy5NteIzA3qNP+wy7Wah
LNkHGfsoI51C0kf2BoQfne0KBmamqCLwK8GJpcQtFb0ifMA/mtbYEE1ablEu8dkw
AjTNafh+l4qcHGa17Q3SCH82xDd3dvuxxNcqKbePoJdQQbDBcN5r0FGeWwARAQAB
tCdNb3ppbGxhIFNlY3VyaXR5IDxzZWN1cml0eUBtb3ppbGxhLm9yZz6JAj0EEwEC
ACcCGwMFCQWjmoACHgECF4AFAlRHBiAFCwkIBwMFFQoJCAsFFgIDAQAACgkQKmHH
FAbBZAKA3hAAn0TTfbCGysfwapkg+peqAGAwxz1iZ5a0qdxT0Yi7HNx+97OCvhgP
h18qE2OfKrXilroO2puHPJvQ0K5maFYjNk2UVN4AQmPj6Nwbn7UW1mGhAuUauxHh
LAO4RebT2c37Ln/6dYgQN0HlyE2C8HFlJeNOKY8YzZQvcl+LP2wG3e/oVu5QPqgE
+38n2vnI7gsUYrVumSl2262SWqpzxS9uMsdMbI/ch7VXnfO4sgzu+xBVRnJxpKpU
aY2ekwVdbZsCHHCu9chCcll2PPjCFAyldjQ8xSubEDH66Q2+snnzgaGmhSMYZioj
3TKEm9g1MUnp6Hmf1BwRkprmlycTk02MXtQ+k86JOIuobl0uOj9s9GBsrommkKca
vsqAKOlf7/xiJpAXFHU4fqCpA0kmOo9ShcwJgtIVbkzkJR/HiNEMcjUMFltihGSN
HucJDdx5CSAfMRYbi7zAq0jNenoIGYOJx71BWpYktBeVDiso47k49Ie88kjddSsb
Z+O/hLILhfqpJSDwMPF7h+i31AhhDZrHO+de8dx+Xf8x3eXZSC22Ve7V9HBBWJHR
puZwpwlLyZumVyO193e1XexW0CvCvyT+74PWZtReYEP6HoeIddGpFrLk6ixvzsjk
OYMBaMGZkfzhhkf2/FcqhnBkgkonlgH7+/UWO0vuqpsnrAgH4YXIa1OIRgQQEQIA
BgUCVEcE3AAKCRD9vjHuMDPLTszDAJ9+C21E0OCUcYg9Yy1lVhVEqv0iSQCdFoPA
ujOPlkd00WQN66baJ4XVwpCJAhwEEAECAAYFAlRHBnQACgkQMllDdZYaksiQyw/8
CHdvg+EhVFv9ycn0oDLpxV3vzVHziqFfa5PnMVnbgrMGTANNY8scxu5wUk8jlkRM
z1QWbJomeTvXQsYtvKp5NEhyD09PLqDDXh1V6RHEjPGj2YUTOb6pOx7trhSXWDVP
DrMjBgho4NBLJGL66lgepYomCAiA0ddn01LZ/9MmknljvXLXV70MGZPy1nIsbYNB
8nFpipN6efiKGdsRtlMExQksdTyQe6GhEGWG7/4qKn2DKl5AbaStyb+ZsMwuJuJ8
WFPdSuGYXUrAtTzkAEpyzfJA4cNImY5Wnnw6FmIwdK5NlhP4WxlYQudUG5AO5sO6
Ptzktnbs2M6GeWWlZ0A0qRw53+03XZsXWw+A0UTjAX+cT6QTfiO37mVjxzlDyhor
483Rw5kQzILnSPogWD0O3x4nXOYraYxymh/ZhEeYGc9H50GVNiiT5bQ8tbjD69Dt
fzZzig8mxGFrmfUv62di2++Uxs69ukQXK+J6sbXtJFRDx5luhGSVhWfNY/+M5S6d
SAyKmD2jiDms4yqz6tW0W9BMPK4qJc3liOpBHCjth2hVjGy9JsHbuZA6Xc8vykyz
bmIsBtLTGIcB1HcLvLd5svmr1fdA48dLAQlKnfMK/uZO3qDrU0twjuKKKSmzimvq
y4HWpqRY5sv1r1JQERH+ve/rfAluYEY47caRZ2/7G8eJAj8EEwECACkFAlRHBBcC
GwMFCQWjmoAHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRAqYccUBsFkArm8
EACjxKG2bV6sCLhW/M7yRbmzVOCMd/videwrCHaoMS9b26vsyvHpB+eOD5Pu67wD
Ltsgk5/ueXcQlfQJRPpDPQtFEm9ZdaR1iBwmW/D79zpUDFBd0VMwz4ZrrhznIa4P
7hO7CjANRj1nJjF/pN2BqrE1VhFFvjGeiiDU8vM9/PRDm9ru4IdWyDV6E846JBWA
354qyvS3FW8UGWplcUOx5TNeUb2/bAdOB2R40tB82/0kxT91LAuLFBVfEhsWQEWh
O/89n9DH2d2pU+n/wccYgQyxs6PdQn+gcb3CrtTidj42yy0rm6ekE95s1Ekc81gf
0tWwEfgBT7CDIsUCTrySngQzXGFHY2Kwaa9uJ9MTVPd11K0YjMepBtaGPOGz59Dg
5Y7wf+JfUeSeyVv5ntyn4XxR87WMnl0ZZNZ4/rQvR9+7XV5fp+41luKsYX+acMkg
9r2RvKiXGxboxEw+ABP/gDI4S6Exlj1G/SYMDr09xIwVTcn+mb7/+o+fRx1FUoNy
qgKvApqK0azISwhwzkGbQLA/CStmHEitgb3d4F+z/7Lo8VTaC4LfTHGbwJLkkhzq
rCJQ5Rf/iKW+gIV2o+LKq3XkL4J+dbLZkY95+EVVuvneQ6xTE+IILulELTPg5xE+
Ve9ZUYoNg4aS1NTGOOCc+p0D/mWKoLmiLGUYV/HznF0k27kCDQRURwQXARAAw0vL
8DoKsb4gMp3/R71fLq8SXOGEqVQ+EatnzX0J4GyUGQofkqMm28ItUJson1l6iYH3
aZRI/Ug17P8C4/lOl3OxByESV3eQL3+yk/2c5sTFpPp/X6wRg0/AXpyMB9aPubEq
JD36h8XgGCfVUOD5wxanlh2ue6m33kBWO4IebuRghxpEm97dQjw71sSas5MRu3Qn
lX58+zVMKOgRUspjTRU/kYPcTCNicTetfuq7ZBJHFMF8t345p98x4ED33czk6jd4
0rtckm+8QeR6ykPUQg6eDJAM5L0yUAW+IEBLOa7ZRzMuQx0YFIyeQgsTdJi5A6Zq
K+4q7GZ93xVCaWdPOwgksnEIR8SPNPm954pVJYHq7LmpoxxVlD0TroBpVXhP99uZ
mnY62E7h5U3Yf/TEzM6QE1/7r0Sw8n3Cd9Hk9n9raJFW/OrySem2Q4fKtsQ1nIEr
ZX2ThHhNu/UjyLWaE0ddnUtXaVzMtp+2u/k9IF1lsyatSZ0JukjgJvnQGNSWBdKG
IwIf7dafnI+ObO9BtE56uGEPIwkuIJJ4pQqpWTAXrZiZeLzFNgtGMtk0X5rpwGlj
pINB95pXs2hl842KdPunvO8gJ7vIlUOB6zYDLiWUBJxFK1GOLts0A9WXevP04cyG
squakbqRuC8DMDwBdWhfmmKkMmR4RHLSx7rDEQUAEQEAAYkCJQQYAQIADwUCVEcE
FwIbDAUJBaOagAAKCRAqYccUBsFkAm5iD/9nUG91UlmwCtqcI0jyd8zO5l6S0Sjj
Ctuc3CuHJvLN0Y77nNckO0GbOD+6cW5r6ASV/H6IR/7lTLy9QLomJL1GU/vTgYn4
ugGSR2RGDqnl5Kj5AyoWUnoNXizC1gcp7q/apDo2f/qD2dV+Hwmg4t7/sPAOeVe3
95fnzosAGuZ4wtkxSpjv5o23FC/p2i2PR6vs/fYSqjmyzlhy/D7D3yKrDVh3QxAG
y8zyVDTBO92d54DxgFF8UygqRWSzqiSmafUKOBFap0Kn+00U+B7BsTNjlQfYnQ4u
sd5JSv6qnc6/lFZqazCdJ5o2KnC2kR6Msq71HLMjcBibJzjR8E5B0IuzihenN+E6
TMWZNSV6d4RFDytAtexy5bWrYwT4wFlTbu8KUgH5uFZDNGWAl0fbuYsITF14QdYV
MKq1Ngd4oFn7ueZ1ncnwymNTn42UGPTPPSizaOTD7iq+e8Kk+MpRPc2ol5enzqvc
z3vfNqZkSpoYE0jMO3uolEJaA+VqDUc4xpwGoqukAjAsu3TwxoEvwSgNwL16Uu5e
7CGXkM3d/awaNXwvn0/ydesG4l28r1DIFUtqWWLP4wBBjSozbQvIhQ4HaZIhXViq
HTHTRtUyVtqL3BW0/xSVCqZaGtrHmSTkMyfU+44Z2brQIj7zP6sAJf6nXMgu4pLK
3wttWuMUnyrFIw==
=r4W1
-----END PGP PUBLIC KEY BLOCK-----