Security Center

Whether you're using the Web or checking your email, you care about your security and privacy. In the Mozilla project we understand the importance of security. Here you will find alerts and announcements on security and privacy issues, general tips for surfing the Web and using email more securely, more information about how we maintain and enhance the security of our products, and useful links for Web developers.

On this page:

Security Updates

The latest security updates will be delivered to most users automatically. Users who have turned off automatic updates can use the "Check for Updates..." item on the Help menu. If the menu item is disabled your account does not have sufficient privileges to update Firefox--contact the person who installed Firefox on your machine. Additional help is also available through our Community Support site.

Tips for Secure Browsing

  • Always use the most current version of your browser.
  • Check for the "lock" icon on the status bar that shows that you are on a secured web site. Also check that the URL begins with "https" in the location bar when making transactions online.
  • In the Tools menu of Firefox, Tools > Options... > Privacy, you can clear your information with one click of a button. This is especially useful when using a computer in a public location.
  • Perform transactions (like shopping or submitting personal information) at sites that are well established and that are familiar to you. If you're not familiar with a site, make sure that the site has a privacy policy and information about the site's security measures.

Tips for Using Email Securely

  • Be aware that it is extremely easy for someone to forge an email message to make it appear as if the message has been sent by your bank, a software vendor (e.g., Microsoft), or another entity with whom you do business. If a message requests that you send your password or other private information, or asks that you run or install an attached file, then it is very likely that the message is not legitimate. When in doubt, just mark the message as "junk" and delete it.
  • Be cautious when clicking on links sent to you in email messages. If you do click on such a link, double-check the name of the site as shown in the location bar of the browser, and be especially careful if the site name displayed is an IP address (e.g., "192.168.25.75") instead of a domain name (e.g., "www.example.com"); in the former case it is very likely the site is not legitimate. Don't enter any personal information into forms displayed at such a site, and if you have any concerns whatsoever about your security, just close the browser window.

For Developers: Contacting Mozilla

Report security-related bugs and learn more about how we secure our products:

  • If you believe that you've found a Mozilla-related security vulnerability, please report it by sending email to the address security@mozilla.org. Note that your report may be eligible for a reward; see below.
  • For more information on how to report security vulnerabilities and how the Mozilla community will respond to such reports, see our policy for handling security bugs.
  • We want to make Firefox, Thunderbird, the Mozilla Suite, and other Mozilla products as secure as possible, and want to encourage research, study, timely disclosure, and rapid fixing of any serious security vulnerabilities. We've established a Security Bug Bounty Program to reward people who help us reach that objective.
  • Mozilla-based products include a default list of CA certificates used when connecting to SSL-enabled servers and in other contexts. If you are a CA and would like your CA certificate(s) considered for inclusion in Mozilla, please see the Mozilla CA certificate policy.
  • We encourage you to learn more about our Mozilla security projects and participate in the development of security features and capabilities in our products.

Press Contact: send mail to press at mozilla dot com.

The PGP key for security@mozilla.org can be used to send encrypted mail or to verify responses received from that address.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQINBExXLAYBEADFbJDvTUZsQFkPeRMv+je8Sq1Ou+15m2UmskHIdG7E1c1jSR5V
7UNhKaC3TTyI9XFIZXiSx8ZAOe345r1gAGHK011kyPtpf0mJYROwSdSBoZPIlXEl
5Ve5kzF+6UZHMn/AU8+xLJUJQpnKKKGoAKQrwF3rbCSIxFlX1VYMl/InZhAFW8NR
DIDs6dczUpvVQVo8a14QDx+LTkaIG2dnfSr/EyF06rkWgAvBK2Z/V93hea3OWuiW
YwY4XdVckCM94ZJPMvc3KaD3XUaDIuvxABjQXQM6lNJkQEqIGTfDHh8tzAm2bQku
lp0XGUc2dgr42njqScU1zkz6jVDBSogonglzJj9t1sUtN3ZMzB8xrgC+yuTxPyNg
/55PFV5Wg3suXHVkOKwz6ZAxIohBF8YntOY20VOnwZCamoQzqUu/W8JYxVLeBlPT
57Cj0mA2B+lXTxVw2ivgj4TtSSIC4c21xDM+lKGv8nOaV/GQULcK/FEU7EhxhRAN
MKvCE5MgSU5HRndViJJTzeBhiAw0wnRK2pot9bwvA+odbgFhkkA8fLxpwiFbctb/
QGHpqW++4omIWKb+wfDASt42/YgLYmj2RtUjymajb2D4CjcufKTxQ+N2p8vEMETZ
I/anNKJuvlDYofn0RHa17GElNovK02uluy9DMghgcsvCa99nggp9SCvMyQARAQAB
tCdNb3ppbGxhIFNlY3VyaXR5IDxzZWN1cml0eUBtb3ppbGxhLm9yZz6JAj0EEwEI
ACcFAkxXLAYCGwMFCQeFREoFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQEAyb
id9VoUbIPBAAhJZC8LRiG9YggeuDwLnMoLpx/prSqZtodigoirzn5ZGpC6O6Ll2x
OQz3ZxGc2WYYM6Vy66ygli/UpaVXB9I3I8Q/pGxHmDILofl8RXn62pR7Mj1EnLqJ
9U4v6eGBz2OO/Cp7TbDSTAeCALPjIMJtt74MGSjUQIJOmzrmGfWi4hJhrZgDzw5B
ugcxxuRkHTvfZH8JLuhMSaCy8i6vGXtwjmiIc8LqgM0QQ2VcQkBGTqlaB414moSJ
dIv53tBpR2OA8buQ0CJ4QVa5gYB5YJNCdw6dG/2CiYXS4oG4K4VUz+o11m2TEK4D
Df+Z1+1kmwxWuxWlEz8imSjfi9UZXsKl1YbF6lbCMf0YNfSYfVbdA6gzheDJ5Q0W
LANGbu1kkGpHVCFlbTQkg0rByXomfXnpFx5F6kKTYYvPorv5Ym4ew2v/IDpNaIkh
eVJK4K8vDaC0GaK9+hr4tGVEcbbaxW6F4Pg7jWXvXXsl6Yh+da1Hc6bnh1wC0NpF
BlL3mpIwPS14lLUD4K/D0K+SsFrvR1SQdClTkGqFPZlHX3cFfwxicfeK7deIP+Sm
2n3RQ+4Mg5PxzBD4a+dwnXEzDerjm6yTTYRV+e6A8Ej3cIsMYg6fboWxjWBqAo0m
93/cnuy26MFojPnx4kgl318XJ7Kmk4kCkwRl2ZIHKZjh8vZs7PusiuuISQQQEQgA
CQUCTFctRAIHAAAKCRBroiIm88M9WpIsAKC0Q4rj9cfLD9SnIa0KkjR6sW1ybACg
oKpQEIA37k5BGKTIqx2+bOER4PaISQQQEQgACQUCTFcuIQIHAAAKCRCWokc4DYq3
FmBtAJ4xQ1VK/zuMhpdLESvJkEF7sO7k7ACgnhSM9oxrisqoXIdmSWXQpbUx6xW5
Ag0ETFcsBgEQAMIGimn0Kzl/bcB7P300BUquiAydKDytBqelZ064jyXi4s8KnfHz
lFiuO8FZumJvbCO5UfSDveb0kabFkCeEc+gGhz6at3AblIdmGVp8Q5Wdcsto/Y7A
cn/fnFOLu1yDBbTkssLzDSwGwsIei27cH8gefmWoUXSedu/m1LcKADKGsLikMhYD
KFjZsgat8BmPeI7seyStfkyA3gdqwbdr4SAtkbiPIaN09wtFupQ6sOiFIPD6tfJo
RO5pvOz8Wns2/n5PVebkDPdwUAn/dNkhwYZMhBWn92TgLFUMV6Ujth/176FncaNW
S0LgUV8CWZALBWA1mVNyrfKCOziVdlVg82xIK2lVhvXsoAvgO5RhXrsosiwaKH6Z
x/AFWsu4XjjvdPoKW4jC1exrfqgHmonUFChnql9f2XMOEHv6OixDL9/LsLiZYsy5
zb7Im8cdxa+1BcImKIY7K72H6br064e32VBHjDEiBQI8CelrB8riCUBQ3V5nu16v
oEPwv1p/cdifg8EwbXHgqrGClAAnUYXBtsqhxbkxroeGKKk9NTGBV7eCtlfSnbp1
1G5l2SeGCiV1g2kJHXrrad057gSyLLDED5r/QiDOARE28WbY8RQnxBwDoak/gYqN
3cJzcAJ9JYHRKnW1XIdz8MCGCT/oM0Ru8U2WPMTlWLxMVkn/P/5ZkFJFABEBAAGJ
AiUEGAEIAA8FAkxXLAYCGwwFCQeFREoACgkQEAybid9VoUbb+g/8COpTvvkrsy61
jPTFBcPXtPlLwuGgQibuLhxs+id4AZzlUYaKJ5Wx+vj3DZqtF+/cVNQjpqINXCPJ
/MzpCW4R/cRCg1OmVc1XOZn8XFQezs9WqxH1otvlqKKbUaOiCO0bAwCJ0WwgKTeu
12bX+F0ni5IGEr6bHensWuhHRd5PwH/vOBA1PrHd0yMEM6KAqZKCnLDlaNVq2418
HW9blesQmtgyxTmAkkm11D/6+JjGcEL+/N3BfA27NJ3Qf+C48Z/d4Z6x1j1mDQdJ
/QN20lFGW51GDHTRhGme0Ue3ZaKgqELG9z+iWBSSL4zPHP3cmFbP3g9GHYq6KFT8
o9MeCK6DFzZqHUf1pPcSz2agu5TE9AnYoIXyL4VyrOfT72aX6xyfddkhXxxI2pQo
bbcxxzdlSUJX6LfR8wJdDiGOIjuWjrijTad5jk7U2nocmS0ipRMtULjx/7rkoBzj
Xh+euN3gAzExW9lWNpoqEovdm67p+G3MLRCsgJ/qFxg28zF+c0W7p7llWktbccvS
waEEgq1ArLDa9hhUsK9rTIfKbmf0QSi2L8BxVrXiPRFcSzYgOgrGcZts9dvjFkjO
CvhdaBsrl3/v9xctvH4OZ5UA79tDG0FPmDP049R06rN5ZBDnB9HK4dm2jhPkyQoK
UoXsDrRRa8kaNHOCxECjCiR6Hc535Q8=
=K/3b
-----END PGP PUBLIC KEY BLOCK-----