Site search is available on home page

Securing Mozilla Firefox

By , Last modified: 2014-09-07.

How to configure Mozilla Firefox for safer internet browsing in Windows XP, Vista, 7, 8 and 8.1

To configure Mozilla Firefox version 28 and older, click the orange Firefox button on the left and then click Options.
In Firefox 29 and newer, click the Open menu button (three horizontal bars) on the right and click Options.
If you like menus more, press Alt on your keyboard once, open Tools menu and click Options instead.
Mozilla Firefox menu. To configure Firefox safety, click Options. Mozilla Firefox 29, Open menu. To configure Firefox safety, click Options.

In Options window, click the Privacy tab. Those very concerned about their privacy and possibility of ad-related tracking on the Internet should tick the Tell web sites that I do not want to be tracked box in Tracking section.
Next, select Use custom settings for history from the Firefox will: combo box.
Those who require more privacy, can clear the Accept third-party cookies check box, but keep in mind that a few web sites might not work properly after this.
Next, make sure to select the Clear history when Firefox closes check box and then click Settings... button to the right of it.
Mozilla Firefox, Options, Privacy tab. Tick the 'Tell web sites that I do not want to be tracked' check box. Select 'Use custom settings for history' from the 'Firefox will' combo box. Check the 'Clear history when Firefox closes' box, then click Settings.

Settings for Clearing History window opens. Always select Download History and Active Logins check boxes in History section.
Those very concerned about their privacy can tick Cookies option in History section, too. Never check this one if you use two-factor authentication on web sites, such as Gmail or Facebook!
In Data section, it is recommended to activate Saved Passwords option. Never use web browser for remembering your login details - malware can steal these within seconds! Use Password Safe for storing and auto-filling logins instead.
Those not playing online games in Firefox can also put a check mark into Offline Website Data box. Remember that enabling this option can delete your saved games and other settings!
Click OK to close the window.
Mozilla Firefox, Options, Settings for Clearing History. Leave only 'Download History' and 'Cookies' selected. Click OK.

Open Security tab. Make sure that Warn me when sites try to install add-ons, Block reported attack sites and Block reported web forgeries check boxes are ticked - these options will keep your internet browsing safer.
Clear the Remember passwords for sites option. This is very important because malware can easily steal all user names and passwords for sites you have visited (including your bank!). Use Password Safe for remembering passwords instead.
Mozilla Firefox, Options, Security tab. Make sure that the 'Warn me when sites try to install add-ons', 'Block reported attack sites' and 'Block reported web forgeries' check boxes are selected. Clear the 'Remember passwords for sites' box.

Move on to the Advanced tab and open the Data Choices sub-tab. Those very concerned about their privacy can clear the Enable Telemetry, Enable Firefox Health Report and Enable Crash Reporter check boxes to prevent Firefox from sharing usage data with Mozilla developers.
Most users can safely leave the latter two ones ticked.
Mozilla Firefox, Options, Advanced tab, Data Choices. Clear the Enable Telemetry check box for enhanced privacy.

Next, click the Network sub-tab and make sure that the Tell me when a website asks to store data for offline use box is checked. This one can be left unticked by those who are hardcore online gamers to prevent confirmation messages for saved games and settings.
Mozilla Firefox, Options, Advanced tab, Network. Make sure that the Tell me when a website asks to store data for offline use box is checked.

The last thing in Options window is to make sure that Firefox updates itself and its add-ons/extensions automatically. Click Update sub-tab in Advanced tab.
Make sure that the Automatically install updates (recommended: improved security) option is selected. This makes sure that Firefox stays up-to-date and all security bugs are patched.
Then, ensure there is a check mark in the Use a background service to install updates check box. This enables silent updates to Firefox, the completely automated, non-intrusive and most secure method. If you still want to click Yes or Continue in Windows' User Account Control prompts, clear the check box.
Finally, also enable the Search Engines option in Automatically update section. This is not strictly security-related, but you might like the latest and greatest search services.
Mozilla Firefox, Options, Advanced tab, Update. Make sure the 'Automatically install updates' and 'Use a background service to install updates' options are turned on. Click OK to close Options window.

Click OK button to close the Options window. Read on to find out what you can do for securing Mozilla Firefox even more.

Using Click-To-Play in Firefox

Click-To-Play (aka Click-To-Activate or Click-To-Run) feature loads plugins or extensions only if user allows it. This prevents malicious or hacked web pages from infecting computers via outdated software: such websites include invisible iframes that silently load a plugin and use it to download and run malware without users ever noticing it. Read more about drive-by-attacks if you want to.

Older versions of Firefox required changing the plugins.click_to_play value in about:config Tab to True, but latest Firefox versions make this feature fully configurable.

First, use keyboard shortcut Ctrl+Shift+A to open Add-ons window. Alternatively, click Firefox button and click Add-ons. Traditional menu users find this command in Tools menu.
Mozilla Firefox button. Click 'Add-ons' to configure click-to-play.

Firefox Add-ons Manager opens, click Plugins tab on the left. It is strongly recommended to choose Ask to Activate for most plug-ins listed on the right. At least, enable this option for Adobe Acrobat (aka Adobe Reader), Java Development Toolkit / Java (TM) Platform SE (aka Java SE or Java Runtime Environment) and Shockwave Flash (aka Adobe Flash Player) plugins to stay safer on web: these ones are misused by cyber-villains the most.
Remember, you can always create site-wide Click-To-Play exclusions later.
Mozilla Firefox, Add-ons Manager, Plugins tab. Select 'Ask to Activate' for all plug-ins.

If Firefox detects a vulnerable plugin, it has only two options: Ask to Activate and Never Activate. Use the Update Now or More info links above to download updates for the outdated software.
Mozilla Firefox, Add-ons Manager, Plugins tab. For vulnerable plugins, only 'Ask to Activate' and 'Never Activate' options are available. Click either 'Update Now' or 'More info' link above to download required update.

Close the Add-ons Manager Tab to apply changes. Now you'll see the dark gray Activate <plug-in name> (for example, Activate Adobe Flash) message instead of content that uses third-party extensions. A positive side-effect of this is that many ads do not display. Smile
Mozilla Firefox, Click-To-Play (Ask to Activate) turned on. Click 'Activate <plugin name>' to open options for the current site.

Firefox will then turn your attention to the gray plug-in button (looks like a Lego brick?) to the left of Awesome Bar (aka Address, URL or Location Bar) and confirm your click with the Allow <site name> to run "<plugin name>"? message. Click Allow Now to remember this decision for the current site until you close Firefox. Click Allow and Remember to create a permanent exclusion for the site. The latter one should be used for very trustworthy sites only!
You can later use the same button for disabling the exclusion: click Block Plugin if you do not want to run the extension automatically on the current site.
Mozilla Firefox, Click-To-Play (Ask to Activate) turned on. Click 'Allow Now' to run the extension and see its contents. Mozilla Firefox, Click-To-Play (Ask to Activate) turned off for the current site. Click 'Block Plugin' to re-activate Click-To-Play on the website.

Back to vulnerable extensions: if you visit a site that wants to launch an outdated plugin in the background (no visible content), the button to the left of Awesome Bar will turn red and a notification windows pops up, stating: Firefox has prevented the unsafe plugin "<plugin name>" from running on <site name>.
For outdated plugins that run visibly, the Allow <site name> to run plugins? window pops up with the list of unsafe extensions.
You should close these messages by clicking X on top right and update the plugin. Do not allow this extension to run!
Also, the plugin space is replaced with dark gray background saying This plugin is vulnerable and should be updated. Click the red Check for updates button to download the latest version.
The 'Firefox has prevented the unsafe plugin <plugin name> from running on <site name>' pop-up near Awesome Bar. Close the message without allowing the plugin to run and update the extension ASAP. Mozilla Firefox, 'Allow <site name> to run plugins?' pop-up near Awesome Bar with a list of outdated extension. Close the message without allowing the plugin to run and update the extension. Mozilla Firefox, This plugin is vulnerable and should be updated. Click the red 'Check for updates' button.

In case you forget to update the extension that wants to run in the background, a warning bar is displayed on the top of the site. Click Continue Blocking to hide the bar and apply up-to-date version of the plugin.
The 'Firefox has prevented the unsafe plugin <plugin name> from running on <site name>' warning bar. Click 'Continue Blocking' and update the extension ASAP.

Remember, you can also check versions by visiting the Browser and Plug-in Check page here at

Disabling geolocation in Firefox

For some strange reason, Mozilla has not included an easy way to turn off geolocation in Firefox.
Come on, Mozilla - even Internet Explorer users can easily turn off the tracking feature! And I'm not even starting a rant about the fact that Firefox is the last browser on Earth without sandbox for plugins...

First, open a new Tab (keyboard shortcut for this is Ctrl+T). Type about:config into Address Bar and press Enter key.
Mozilla Firefox, to disable geolocation, type about:config into Address Bar and hit Enter.

Firefox will disable a humorous warning about warranty. Ever heard of a warranty for an Internet browser? Yeah, me neither.
Click I'll be careful, I promise.
Mozilla Firefox, warning for advanced settings. Click I'll be careful, I promise.

A long list of cryptic options opens. Type geo. into Search field to display only items related to geolocation.
Mozilla Firefox, advanced settings. To see only items related to geolocation, type 'geo.' into Filter field.

Double-click the very first item, geo.enabled, so that its Value turns to false. This turns off geolocation services.
Mozilla Firefox, advanced settings. Double-click 'geo.enabled' so that its Value reads 'false'.

Close the about:config Tab and you're done securing Firefox!

Additional free security plugins for Mozilla Firefox

To stay away from malicious sites and downloads, use WOT Safe Surfing Tool. It also shows site ratings in search engine results (Google, Bing, etc) and on Facebook and Twitter.

Use Trusteer Rapport (aka Trusteer Endpoint Protection) for securing your account data and money from data-stealing malware.

To protect Firefox from zero-day attacks, use the free Microsoft EMET. An even easier-to-use alternative for this is Malwarebytes Anti-Exploit.



Sub Navigation

Sub Navigation
Next: Securing Opera
Previous: Securing Internet Explorer
comments powered by Disqus