Securing Mozilla Firefox
To configure Mozilla Firefox version 28 and older, click the orange Firefox button on the left and then click Options.
In Firefox 29 and newer, click the Open menu button (three horizontal bars) on the right and click Options.
If you like menus more, press Alt on your keyboard once, open Tools menu and click Options instead.
In Options window, click the Privacy tab. Those very concerned about their privacy and possibility of ad-related tracking on the Internet should tick the Tell web sites that I do not want to be tracked box in Tracking section.
Next, select Use custom settings for history from the Firefox will: combo box.
Those who require more privacy, can clear the Accept third-party cookies check box, but keep in mind that a few web sites might not work properly after this.
Next, make sure to select the Clear history when Firefox closes check box and then click Settings... button to the right of it.
Settings for Clearing History window opens. Always select Download History and Active Logins check boxes in History section.
Those very concerned about their privacy can tick Cookies option in History section, too. Never check this one if you use two-factor authentication on web sites, such as Gmail or Facebook!
In Data section, it is recommended to activate Saved Passwords option. Never use web browser for remembering your login details - malware can steal these within seconds! Use Password Safe for storing and auto-filling logins instead.
Those not playing online games in Firefox can also put a check mark into Offline Website Data box. Remember that enabling this option can delete your saved games and other settings!
Click OK to close the window.
Open Security tab. Make sure that Warn me when sites try to install add-ons, Block reported attack sites and Block reported web forgeries check boxes are ticked - these options will keep your internet browsing safer.
Clear the Remember passwords for sites option. This is very important because malware can easily steal all user names and passwords for sites you have visited (including your bank!). Use Password Safe for remembering passwords instead.
Move on to the Advanced tab and open the Data Choices sub-tab. Those very concerned about their privacy can clear the Enable Telemetry, Enable Firefox Health Report and Enable Crash Reporter check boxes to prevent Firefox from sharing usage data with Mozilla developers.
Most users can safely leave the latter two ones ticked.
Next, click the Network sub-tab and make sure that the Tell me when a website asks to store data for offline use box is checked. This one can be left unticked by those who are hardcore online gamers to prevent confirmation messages for saved games and settings.
The last thing in Options window is to make sure that Firefox updates itself and its add-ons/extensions automatically. Click Update sub-tab in Advanced tab.
Make sure that the Automatically install updates (recommended: improved security) option is selected. This makes sure that Firefox stays up-to-date and all security bugs are patched.
Then, ensure there is a check mark in the Use a background service to install updates check box. This enables silent updates to Firefox, the completely automated, non-intrusive and most secure method. If you still want to click Yes or Continue in Windows' User Account Control prompts, clear the check box.
Finally, also enable the Search Engines option in Automatically update section. This is not strictly security-related, but you might like the latest and greatest search services.
Click OK button to close the Options window. Read on to find out what you can do for securing Mozilla Firefox even more.
Click-To-Play (aka Click-To-Activate or Click-To-Run) feature loads plugins or extensions only if user allows it. This prevents malicious or hacked web pages from infecting computers via outdated software: such websites include invisible iframes that silently load a plugin and use it to download and run malware without users ever noticing it. Read more about drive-by-attacks if you want to.
Older versions of Firefox required changing the plugins.click_to_play value in about:config Tab to True, but latest Firefox versions make this feature fully configurable.
First, use keyboard shortcut Ctrl+Shift+A to open Add-ons window. Alternatively, click Firefox button and click Add-ons. Traditional menu users find this command in Tools menu.
Firefox Add-ons Manager opens, click Plugins tab on the left. It is strongly recommended to choose Ask to Activate for most plug-ins listed on the right. At least, enable this option for Adobe Acrobat (aka Adobe Reader), Java Development Toolkit / Java (TM) Platform SE (aka Java SE or Java Runtime Environment) and Shockwave Flash (aka Adobe Flash Player) plugins to stay safer on web: these ones are misused by cyber-villains the most.
Remember, you can always create site-wide Click-To-Play exclusions later.
If Firefox detects a vulnerable plugin, it has only two options: Ask to Activate and Never Activate. Use the Update Now or More info links above to download updates for the outdated software.
Close the Add-ons Manager Tab to apply changes. Now you'll see the dark gray Activate <plug-in name> (for example, Activate Adobe Flash) message instead of content that uses third-party extensions. A positive side-effect of this is that many ads do not display.
Firefox will then turn your attention to the gray plug-in button (looks like a Lego brick?) to the left of Awesome Bar (aka Address, URL or Location Bar) and confirm your click with the Allow <site name> to run "<plugin name>"? message. Click Allow Now to remember this decision for the current site until you close Firefox. Click Allow and Remember to create a permanent exclusion for the site. The latter one should be used for very trustworthy sites only!
You can later use the same button for disabling the exclusion: click Block Plugin if you do not want to run the extension automatically on the current site.
Back to vulnerable extensions: if you visit a site that wants to launch an outdated plugin in the background (no visible content), the button to the left of Awesome Bar will turn red and a notification windows pops up, stating: Firefox has prevented the unsafe plugin "<plugin name>" from running on <site name>.
For outdated plugins that run visibly, the Allow <site name> to run plugins? window pops up with the list of unsafe extensions.
You should close these messages by clicking X on top right and update the plugin. Do not allow this extension to run!
Also, the plugin space is replaced with dark gray background saying This plugin is vulnerable and should be updated. Click the red Check for updates button to download the latest version.
In case you forget to update the extension that wants to run in the background, a warning bar is displayed on the top of the site. Click Continue Blocking to hide the bar and apply up-to-date version of the plugin.
Remember, you can also check versions by visiting the Browser and Plug-in Check page here at www.winhelp.us.
For some strange reason, Mozilla has not included an easy way to turn off geolocation in Firefox.
Come on, Mozilla - even Internet Explorer users can easily turn off the tracking feature! And I'm not even starting a rant about the fact that Firefox is the last browser on Earth without sandbox for plugins...
First, open a new Tab (keyboard shortcut for this is Ctrl+T). Type about:config into Address Bar and press Enter key.
Firefox will disable a humorous warning about warranty. Ever heard of a warranty for an Internet browser? Yeah, me neither.
Click I'll be careful, I promise.
A long list of cryptic options opens. Type geo. into Search field to display only items related to geolocation.
Double-click the very first item, geo.enabled, so that its Value turns to false. This turns off geolocation services.
Close the about:config Tab and you're done securing Firefox!
Additional free security plugins for Mozilla Firefox
To stay away from malicious sites and downloads, use WOT Safe Surfing Tool. It also shows site ratings in search engine results (Google, Bing, etc) and on Facebook and Twitter.
Use Trusteer Rapport (aka Trusteer Endpoint Protection) for securing your account data and money from data-stealing malware.