Mozilla Security

Whether you’re using the Web or checking your email, you care about your security and privacy. In the Mozilla project we understand the importance of security. Here you will find alerts and announcements on security and privacy issues, general tips for surfing the Web and using email more securely, more information about how we maintain and enhance the security of our products, and useful links for Web developers.

The latest security updates will be delivered to most users automatically. Users who have turned off automatic updates can use the "Check for Updates..." item on the Help menu. If the menu item is disabled your account does not have sufficient privileges to update Firefox--contact the person who installed Firefox on your machine. Additional help is also available through our Community Support site.

Tips for Secure Browsing

  • Always use the most current version of your browser.
  • Check for the "lock" icon on the status bar that shows that you are on a secured web site. Also check that the URL begins with "https" in the location bar when making transactions online.
  • In the Tools menu of Firefox, Tools > Options... > Privacy, you can clear your information with one click of a button. This is especially useful when using a computer in a public location.
  • Perform transactions (like shopping or submitting personal information) at sites that are well established and that are familiar to you. If you're not familiar with a site, make sure that the site has a privacy policy and information about the site's security measures.

Tips for Using Email Securely

  • Be aware that it is extremely easy for someone to forge an email message to make it appear as if the message has been sent by your bank, a software vendor (e.g., Microsoft), or another entity with whom you do business. If a message requests that you send your password or other private information, or asks that you run or install an attached file, then it is very likely that the message is not legitimate. When in doubt, just mark the message as "junk" and delete it.
  • Be cautious when clicking on links sent to you in email messages. If you do click on such a link, double-check the name of the site as shown in the location bar of the browser, and be especially careful if the site name displayed is an IP address (e.g., "192.168.25.75") instead of a domain name (e.g., "www.example.com"); in the former case it is very likely the site is not legitimate. Don't enter any personal information into forms displayed at such a site, and if you have any concerns whatsoever about your security, just close the browser window.

For Developers: Contacting Mozilla

Report security-related bugs and learn more about how we secure our products:

  • If you believe that you've found a Mozilla-related security vulnerability, please report it by sending email to the address security@mozilla.org. Note that your report may be eligible for a reward; see below.
  • For more information on how to report security vulnerabilities and how the Mozilla community will respond to such reports, see our policy for handling security bugs.
  • We want to make Firefox, Thunderbird, the Mozilla Suite, and other Mozilla products as secure as possible, and want to encourage research, study, timely disclosure, and rapid fixing of any serious security vulnerabilities. We've established a Security Bug Bounty Program to reward people who help us reach that objective.
  • Mozilla-based products include a default list of CA certificates used when connecting to SSL-enabled servers and in other contexts. If you are a CA and would like your CA certificate(s) considered for inclusion in Mozilla, please see the Mozilla CA certificate policy.
  • We encourage you to learn more about our Mozilla security projects and participate in the development of security features and capabilities in our products.

Press Contact: send mail to press at mozilla dot com.

The PGP key for security@mozilla.org below can be used to send encrypted mail or to verify responses received from that address. We transitioned keys in October 2017. Please see our signed transition statement for confirmation.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org

mQINBFjF1JcBEADTNt6p4vD3ZROc65u0Y9293x8B+ZF33cMAaFlnAbq5Lwcy2EDW
seCRnOUQ9QqY4tKw1ZwWjFvKkGJcQKqZY1vQtQtxYsDuz1GfA0DIAgAUxyyKPuwN
8S4L3WvFDN6x/JNHiN6Cj18KAuBOzvoTvN1N0gwXfF7sSdNVuPBicD8JkHa88Ofc
I3num6Fe4tQzk4m2n/GRV5LSNsVYFpm9WHBEjzsApOkRZrfWrA1P0NlDOaoeH2Bn
pDkATKVKTsRvEZ0+MAt7GWKIrvnaLMsXxHZZGLx6z/iE//lT2UViiSglh2wyUg0h
awPHhyiNq2RMiwjaj1pmzzLiyr7NBkaaerUorbmxjsBFn3NlgKOJ/xx4FM1Jh47/
wbomIEw+oRAZMJj8EIV6A6HbPSqHLNmkw4VZ0L1vteuxmb1OtYB47lqPAV45ifIb
qYMJ6tqlt+gYmoI3XAhC8z2tOz7ZVb9u9J0VKgXwQM8bfFQU85r+or3U+7FgSLpb
OQpJ04xrXs6ZpZnP0E8alHtfVCUBv8Ild9llhwDLebuLb4Cn1GvZrFThAc1McnNV
RytxhWOFfAgUe3Tw8UvuYkEoB/yTP18cbCq0AFOAZ5UweL1ELGgM9XNavV/Y2blD
0ecczHEiBxfJNRtgJcmDw4vmTsdI7E5zPWBR7PCe8qafxv/d1UAJOvNklwARAQAB
tCdNb3ppbGxhIFNlY3VyaXR5IDxzZWN1cml0eUBtb3ppbGxhLm9yZz6JAj0EEwEK
ACcFAljF1JcCGwMFCQawjIAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQUDW0
aCqcFckxWBAAoK8uRXceGc4oMLiiqUMVhkYYQYzk//ouRXwMfK7NMB1yvN/W50Wb
nUJ7LlBVRptEKld7GnATyaP0vNENZ06ivzLgE9wW4pbF5r/P0Vv/nXIrM94sOFwG
2/gZkF2fhSrEiX0kTwVFuIkbICTvdLGN0FX6HUM9V/6E7mVJyO1mHViwDovdX3kG
zxw1hQwosqSYWtEwEIqVOGawIToXkwNap+XdqAQy3virHN00XPoMuIFApCptwudi
o8nmeDmU170KEJtxVPs3MLtSdK72KBGvVtJRczuIxG+DRH4hSZ3sFmMJCZLuF2V8
F08xHSE1wBUktKKBiBjVUA/3CgMOYZrOt1FSyM70/Yi7Qp8A+Oyq2N+qzkJp0Rou
y/tEOG3kSRqxAPDRGSSF1Y2N7LWRIugZKK+rxWlDjMSAJwfh6j40W9XIMzBhsku7
mA7Orkkazv4Yc6g5hzAMoeqQyYXfRjtxtqrVWzURa6E4WX0ZPGz825gC14u62L94
06qv0w90LszcUOrbGVK/NczrDsqFylQEE+W6b3oITklfG7Ys8B9kl7Lak3+Q8yU2
IQZwUXGGqZFkzhfkCRYvIxl3zeFY7OK49GYzSOOkpf3/oA4Mzdxg2Odjw4CnAdXd
Clwr/A3apxRgLVGE36KNWsEK9l4xL3bRUBcKhSwy8o7IwuuGDYx+nLaJAiIEEwEK
AAwFAljF1ZgFgweHcQAACgkQKmHHFAbBZAKx4g/+KHEZHm3cWEtMeZl2Dggt4l+t
bE18qiNYgunxDnPHmmfdi+LUQVohsM5ULMH6n4k0UxfgqXPPRV/1FQzyG8+x8Cnt
IK9h14Vht5dKIm0ce/3MGsBdZdMSuuQJg046u9MBwBOVXGwal80sm/x0v4beO17W
Rp0bWW2GNWj5jZE34V9prm4WC2nr1aAVOUcDJg3uCfTNTOZ1VGBdXKTEUjaZpF2v
JPODzDc5WW/yrb8Ym7tcNoJOwMfyZnFehMfWuZHrXCcnVQ9NAE6V0fJTOHZWfLao
/rVQpv5nu4YBdtdgNhMChctamsVC1UhlLy9pGMeHzCs6ufBVGdNyO2rIbJtLSrMU
zhoxweJw67MsZlt40pWy/p16jj1FfRcr+Z84GHJ7nSO70tY5XMtT407EoxBeexYI
b8m9dOlX4+x+a5JVeiDh8Pad+tpmdWIrT3GaRBcA7NCmJe2LB7I+1b/EowQGPDV6
CS100r0auUawKa4k35DImB3hYwi33nLwdXoOgaztf/fesRrL6CCpMAWJ31bKwPgO
BS1xwQLEBdgmHK1vAb00S374yUeNibuPEmJgcz8VVlJd6yy8hwmnO+C7KAvlqJfQ
LHN8bncYrbiPB2w5+U5P8CBrY1ZmsQIU+nTi29+udF4a7fYxTjnHweCPrSznSYHr
jH9ksc2xDP1JmB06K1W5Ag0EWMXUlwEQAN/+Q0vQ/nKjnRCH1/kKH4hIiwmM/gwW
UT2XIQPZfi5Q/bnxm6COCruNEm2cHzu/xOTeybFACVf5ZygDMUCYmczbDNvnFfg7
r9Bj+jDZFr3YOshuHquB/A7n7G0Q1tjvcVmigSKnMNxIKVxHynV6NnkdpIx5JrG6
ux4tPiPAs+0h3MWhrqbBdj2+Nznc4XUYaEb+ElzTiWlH+1IoLi8DH50gcc8zT1Jt
yAWW+lqbe9c70IxBwMJFxBp70e6f0+XQGuCz+FqxyfcWI7FUAhEecXyfjoYYoJjf
GMoSNv2tCm0X/IUeQjwZyQOWfC2AzSQHI4fsHq4Ws67Kxrcs1atk6vDV7yHd44MU
bv3w/b76XfnfjjFnUbfgmVoC0XBcRsAQeE59q4BA4aMCgIrJuMeTPCaO9STRmJb7
/ooDlDEb+h6DASnNZiVZ1Bm7wJOcM9VS6HYa59IBjKtm9jdhsdBLnjIkyaKifI1A
glhWBFdaii5vUflvPi97SvYGuEldh/m5x50hImx3Nvf0T8/vXeoOrHAOPb9sCq9k
1Iq1NPBK3YNKCK+0iwDTx9HOHFsFsIcerPJXI1K5Xpzz9KHzOQlGE9HEk8T0B1Jz
gXlM2sOKyilLc/tioFI8PmEoMugbSmhJgzmDaJ5PpxLmCwwXrepVn8/5zqzw37tF
hDuPdDX5pc+FABEBAAGJAiUEGAEKAA8FAljF1JcCGwwFCQawjIAACgkQUDW0aCqc
Fcl4Iw/+JmV3nfdRvRHqIvZGkeDrRsM3bh8sxMadepeMDrat/Hii3L+n+evJPiCJ
cRiVAslZtDEjXtODhaAYIF48uHLvVdl4r39418UCs3BzIdYXyosMSq2e+cORda7Z
39cq/WRwhAyD7IwNefZW/BCM2yMdtjeHr/2tkVrXRilbh3g7des4dsFNSUW5AslA
sPgHZG4hA6ZsfRESP1tgx3zArbzmtMRDaeoIcXin2GG8Q3NVJSvwtgQgrj9vQKbW
TEO2zRXQm/+n/T5bMSmamAmOAM/o2zJ+ntsKQItaVEGXCR7mHytayuXv/44Vt8Ar
kKYR5juBGl1xZuJ0CJf9cnIDwlj/Yr025xmB4bElTfjwiUeTadIg76hwBNeXah62
lEU+exvZGmJRzx2gD88fz8wOZGQIzWuhnutIful3Wi09tE5YOv60o8pCXpMzzhOE
BDmHIEi64OGRHT3Yvvs1GarfyEVmmimIs7uM8U1svzBW6iWyE7hcVtz1jy+8yp00
bO8aEuc1OlIHhstFrDHOO5uF4Nqy/SbUfygr1C8JVliXPWMfKCgqh8ONCCKEcjH+
nWwSyeGr77HFQmqy9kLIjcdFl+Tuanyo9s9IksRMSMHMQ3gtdtPH4sVniUtXXOW8
BYERzkEiXG2VQ5QmDEoRwAqBYZIn/5GG7CgVRnsJ+vjpaYY8mgM=
=j6gE
-----END PGP PUBLIC KEY BLOCK-----