Firefox 32 Adds Public Key Pinning
Category: Software
Posted: September 3, 2014 02:17PM
In an effort to prevent attacks that involve invalid SSL/TLS certificates, Firefox 32 has incorporated Public Key Pinning. According to Sid Stamm, the senior manager of security and privacy engineering at Mozilla, key pinning allows website operators to specify which Certificate Authorities are able to issue valid certificates for their sites. Within Firefox 32, a normal lock icon will be displayed if a certificate can be matched with a pinned certificate. If the certificate cannot be verified, Firefox will reject the connection with a pinning error. This provides an additional layer of security for Firefox users by preventing connections to illegitimate websites, where a hacker could intercept critical data.
The first stage of pinning roll-out includes protection for Mozilla sites and Twitter, while later Firefox versions will include protection for Google sites, Tor, Dropbox, and others.
Source: Mozilla Security Blog
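
The pin check described above, sketched as an added example (not Firefox's own code). It assumes pins are base64 SHA-256 hashes of a certificate's SubjectPublicKeyInfo; the host names, the `PINSET` table and the SPKI byte strings are constructed placeholders.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """Base64 of SHA-256 over a certificate's DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
PINNED_CA_SPKI = b"constructed-spki: CA the site operator uses"
BACKUP_CA_SPKI = b"constructed-spki: backup CA"
OTHER_CA_SPKI = b"constructed-spki: unrelated but browser-trusted CA"
LEAF_SPKI = b"constructed-spki: site leaf key"

# Hypothetical built-in pin list: host -> (acceptable pins, cover subdomains?)
PINSET = {
    "pinned.example": ({spki_pin(PINNED_CA_SPKI), spki_pin(BACKUP_CA_SPKI)}, True),
}

def find_pins(host: str):
    """Return the pins that apply to host, or None if the host is not pinned."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = PINSET.get(".".join(labels[i:]))
        # An exact match always applies; a parent entry only if it covers subdomains.
        if entry and (i == 0 or entry[1]):
            return entry[0]
    return None

def check_pins(host: str, chain_spkis: list) -> str:
    """Run after normal chain validation; chain_spkis runs leaf to root."""
    pins = find_pins(host)
    if pins is None:
        return "not-pinned"      # ordinary certificate validation only
    if any(spki_pin(spki) in pins for spki in chain_spkis):
        return "ok"              # normal lock icon
    return "pinning-error"       # connection rejected

if __name__ == "__main__":
    # A chain from a browser-trusted CA that is not in the site's pin set.
    print(check_pins("pinned.example", [LEAF_SPKI, OTHER_CA_SPKI]))
```

The third return value is the case pinning exists for: the chain validates against the browser's trust store, but none of its keys belongs to a CA the site has pinned.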