Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Firefox
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Privacy == When Firefox initially released, it used a custom script permission policy where scripts that were signed by the page could gain access to higher privilege actions such as the ability to set a user's preferences. However, this model was not widely used and was later discontinued by Firefox. Modern day Firefox instead follows the standard [[same-origin policy]] permission model that is followed by most modern browsers which disallows scripts from accessing any privileged data including data about other websites.<ref>{{cite web |url=https://developer.mozilla.org/En/Same_origin_policy_for_JavaScript |title=The Same Origin Policy |date=June 8, 2001 |access-date=November 12, 2007 |publisher=Mozilla Developer Network |archive-url=https://web.archive.org/web/20081014022433/http://developer.mozilla.org/En/Same_origin_policy_for_JavaScript |archive-date=October 14, 2008 |url-status=live}}</ref> It uses [[Transport Layer Security|TLS]] to protect communications with web servers using strong [[cryptography]] when using the [[HTTPS]] protocol.<ref>{{cite web |url=https://www.mozilla.org/projects/security/pki/psm/help_21/ssl_help.html |title=Privacy & Security Preferences β SSL |access-date=January 24, 2007 |date=August 31, 2001 |publisher=Mozilla |archive-url=https://web.archive.org/web/20070207074919/http://www.mozilla.org/projects/security/pki/psm/help_21/ssl_help.html |archive-date=February 7, 2007 |url-status=live}}</ref> The freely available [[HTTPS Everywhere]] add-on enforces HTTPS, even if a regular HTTP [[URL]] is entered. Firefox now supports HTTP/2.<ref>{{Cite web |url=https://www.browsermentor.com/why-you-should-use-firefox/ |title=Why You Should Use Firefox: 7 Reasons β BrowserMentor |first=Rahul |last=B |date=February 26, 2021 |access-date=February 26, 2021 |archive-date=August 13, 2021 |archive-url=https://web.archive.org/web/20210813112455/https://www.browsermentor.com/why-you-should-use-firefox/ |url-status=live}}</ref> In February 2013, plans were announced for Firefox 22 to disable [[third-party cookie]]s by default. However, the introduction of the feature was then delayed so Mozilla developers could "collect and analyze data on the effect of blocking some third-party cookies." Mozilla also collaborated with [[Stanford University]]'s "Cookie Clearinghouse" project to develop a [[blacklist]] and [[whitelist]] of sites that will be used in the filter.<ref name="pcmag-tpcookies">{{cite news |url=https://www.pcmag.com/article2/0,2817,2415810,00.asp |title=Firefox 22 to Disable Third-Party Cookies by Default |last=Murphy |first=David |date=February 24, 2013 |work=PC Magazine |access-date=September 21, 2013 |archive-url=https://web.archive.org/web/20130926022552/http://www.pcmag.com/article2/0,2817,2415810,00.asp |archive-date=September 26, 2013 |url-status=live}}</ref><ref name="cw-cookieblocking">{{cite news |url=http://www.computerworld.com/s/article/9240218/Mozilla_again_postpones_Firefox_third_party_cookie_blocking_this_time_for_months |title=Mozilla again postpones Firefox third-party cookie-blocking, this time for months |last=Keizer |first=Gregg |date=June 20, 2013 |work=Computerworld |access-date=September 21, 2013 |archive-url=https://web.archive.org/web/20130926102706/http://www.computerworld.com/s/article/9240218/Mozilla_again_postpones_Firefox_third_party_cookie_blocking_this_time_for_months |archive-date=September 26, 2013 |url-status=live}}</ref> Version 23, released in August 2013, followed the lead of its competitors by blocking [[HTML element#Frames|iframe]], stylesheet, and script resources served from non-HTTPS servers embedded on HTTPS pages by default. Additionally, [[JavaScript]] could also no longer be disabled through Firefox's preferences, and JavaScript was automatically re-enabled for users who upgraded to 23 or higher with it disabled. The change was made due to the fact the JavaScript was being used across a majority of websites on the web and disabling JavaScript could potentially have untoward repercussions on inexperienced users who are unaware of its impact. Firefox also cited the fact that extensions like [[NoScript]], that can disable JavaScript in a more controlled fashion, were widely available. The following release added the ability to disable JavaScript through the developer tools for testing purposes.<ref name="ff23-relnotes">{{cite web |url=https://www.mozilla.org/en-US/firefox/23.0/releasenotes/ |title=Firefox 23 Release Notes |date=August 6, 2013 |publisher=[[Mozilla.org]] |access-date=March 14, 2014 |archive-url=https://web.archive.org/web/20140328214014/http://www.mozilla.org/en-US/firefox/23.0/releasenotes/ |archive-date=March 28, 2014 |url-status=live}}</ref><ref>{{cite news |url=https://arstechnica.com/information-technology/2013/08/firefox-23-lands-with-a-new-logo-and-mixed-content-blocking/ |title=Firefox 23 lands with a new logo and mixed content blocking |last=Bright |first=Peter |date=August 6, 2013 |work=[[Ars Technica]] |access-date=March 14, 2014 |archive-url=https://web.archive.org/web/20140218022903/http://arstechnica.com/information-technology/2013/08/firefox-23-lands-with-a-new-logo-and-mixed-content-blocking/ |archive-date=February 18, 2014 |url-status=live}}</ref><ref>{{cite news |url=http://www.extremetech.com/computing/163291-firefox-23-finally-kills-the-blink-tag-removes-ability-to-turn-off-javascript-introduces-new-logo |title=Firefox 23 finally kills the blink tag, removes ability to turn off JavaScript, introduces new logo |last=Anthony |first=Sebastian |date=August 7, 2013 |newspaper=ExtremeTech |access-date=March 14, 2014 |archive-url=https://web.archive.org/web/20140329071544/http://www.extremetech.com/computing/163291-firefox-23-finally-kills-the-blink-tag-removes-ability-to-turn-off-javascript-introduces-new-logo |archive-date=March 29, 2014 |url-status=live}}</ref> Beginning with Firefox 48, all extensions must be signed by Mozilla to be used in release and beta versions of Firefox. Firefox 43 blocked unsigned extensions but allowed enforcement of extension signing to be disabled. All extensions must be submitted to [[Mozilla Add-ons]] and be subject to code analysis in order to be signed, although extensions do not have to be listed on the service to be signed.<ref>{{cite web |title=Addons/Extension Signing |url=https://wiki.mozilla.org/Addons/Extension_Signing |website=Mozilla wiki |access-date=November 23, 2019 |archive-url=https://web.archive.org/web/20191010005008/https://wiki.mozilla.org/Addons/Extension_Signing |archive-date=October 10, 2019 |url-status=live}}</ref><ref name="signing">{{cite web |url=https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/ |title=Introducing Extension Signing: A Safer Add-on Experience |last1=Villalobos |first1=Jorge |date=February 10, 2015 |website=Mozilla Add-ons Blog |access-date=November 23, 2019 |archive-url=https://web.archive.org/web/20191029202549/https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/ |archive-date=October 29, 2019 |url-status=live}}</ref> On May 2, 2019, Mozilla announced that it would be strengthening the signature enforcement with methods that included the retroactive disabling of old extensions now deemed to be insecure.<ref>{{cite web |url=https://gizmodo.com/firefox-fixes-borked-extensions-for-everyone-but-legacy-1834548155 |title=Firefox fixes borked extensions for everyone but legacy users |first=Victoria |last=Song |publisher=Gizmodo |date=May 6, 2019 |access-date=May 6, 2019 |archive-url=https://web.archive.org/web/20190506165014/https://gizmodo.com/firefox-fixes-borked-extensions-for-everyone-but-legacy-1834548155 |archive-date=May 6, 2019 |url-status=live}}</ref> <!-- In Firefox versions prior to 7.0, an [[information bar]] appears on the browser's first start asking users whether they would like to send performance statistics, or "telemetry", to [[Mozilla Corporation|Mozilla]]. This telemetry exists as of May 2024{{Cn|date=June 2024}} and is enabled by default in development versions of Firefox, but not in release versions.<ref>{{cite web |url=https://wiki.mozilla.org/Telemetry/FAQ#Why_is_Telemetry_enabled_by_default_on_the_Firefox_pre-release_channels.3F |title=FAQ β Why is Telemetry enabled by default on the Firefox pre-release channels? |website=MozillaWiki |publisher=Mozilla |access-date=July 26, 2014 |archive-url=https://web.archive.org/web/20140810084936/https://wiki.mozilla.org/Telemetry/FAQ#Why_is_Telemetry_enabled_by_default_on_the_Firefox_pre-release_channels.3F |archive-date=August 10, 2014 |url-status=live}}</ref> According to Mozilla's privacy policy,<ref>{{cite web |url=https://www.mozilla.org/en-US/privacy/firefox/ |title=Mozilla Firefox Privacy Policy |publisher=[[Mozilla Corporation]], a subsidiary of the [[Mozilla Foundation]] |access-date=June 18, 2018 |archive-url=https://web.archive.org/web/20180614123101/https://www.mozilla.org/en-US/privacy/firefox/ |archive-date=June 14, 2018 |url-status=live}}</ref> these statistics are stored only in aggregate format, and the only [[personally identifiable information]] transmitted is the user's [[IP address]]. --> Since version 60 Firefox includes the option to use [[DNS over HTTPS]] (DoH), which causes [[Domain Name System|DNS lookup]] requests to be sent encrypted over the HTTPS protocol.<ref>{{cite journal |url=https://heise.de/-4079547 |title=Private Auskunft β DNS mit Privacy und Security vor dem Durchbruch |journal=C't |date=June 22, 2018 |volume=2018 |issue=14 |pages=176β179 |access-date=July 25, 2018 |language=de |archive-date=November 12, 2020 |archive-url=https://web.archive.org/web/20201112151338/https://www.heise.de/select/ct/2018/14/1530492966691096 |url-status=live}}</ref><ref>{{cite journal |url=https://www-heise-de.translate.goog/select/ct/2018/14/1530492966691096?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-GB&_x_tr_pto=nui |title=About Encrypted DNS by Carsten Strotmann & JΓΌrgen Schmidt |journal=C't |date=June 22, 2018 |volume=2018 |issue=14 |pages=176β179 |access-date=July 25, 2018 |language=de |archive-date=November 12, 2020 |archive-url=https://web.archive.org/web/20201112151338/https://www.heise.de/select/ct/2018/14/1530492966691096 |url-status=live |quote=This is the English Translation of Previous Citation.}}</ref> To use this feature the user must set certain preferences beginning with "network.trr" (Trusted Recursive Resolver) in [[about:config]]: if network.trr.mode is 0, DoH is disabled; 1 activates DoH in addition to unencrypted DNS; 2 causes DoH to be used before unencrypted DNS; to use only DoH, the value must be 3. By setting network.trr.uri to the URL, special [[Cloudflare]] servers will be activated. Mozilla has a privacy agreement with this server host that restricts their collection of information about incoming DNS requests.<ref>{{cite web |url=https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/ |title=Cloudflare Resolver for Firefox |website=cloudflare.com |access-date=July 25, 2018 |archive-url=https://web.archive.org/web/20180722071110/https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/ |archive-date=July 22, 2018 |url-status=dead}}</ref> On May 21, 2019, Firefox was updated to include the ability to block scripts that used a computer's [[CPU]] to mine [[cryptocurrency]] without a user's permission, in Firefox version 67.0. The update also allowed users to block known [[Device fingerprint|fingerprinting]] scripts that track their activity across the web, however it does not resist fingerprinting on its own.<ref>{{cite web |last1=Wood |first1=Marissa |title=Latest Firefox Release is Faster than Ever |url=https://blog.mozilla.org/blog/2019/05/21/latest-firefox-release-is-faster-than-ever/ |website=The Mozilla Blog |access-date=May 22, 2019 |archive-url=https://web.archive.org/web/20190521231343/https://blog.mozilla.org/blog/2019/05/21/latest-firefox-release-is-faster-than-ever/ |archive-date=May 21, 2019 |url-status=live}}</ref> In March 2021, Firefox launched SmartBlock in version 87 to offer protection against [[cross-site tracking]], without breaking the websites users visit.<ref>{{Cite web |date=March 25, 2021 |title=What is Firefox SmartBlock? Mozilla's 'best of both worlds' browsing explained |url=https://www.trustedreviews.com/news/what-is-firefox-smartblock-4129258 |access-date=March 30, 2021 |website=Trusted Reviews |language=en |archive-date=March 25, 2021 |archive-url=https://web.archive.org/web/20210325172240/https://www.trustedreviews.com/news/what-is-firefox-smartblock-4129258 |url-status=live}}</ref> Also known as state partitioning or "total cookie protection", SmartBlock works via a feature in the browser that isolates data from each site visited by the user to ensure that cross-site scripting is very difficult if not impossible. The feature also isolates local storage, service workers and other common ways for sites to store data.<ref>{{cite web |url=https://www.howtogeek.com/811311/firefox-now-blocks-cross-site-cookie-tracking-everywhere/ |title=Firefox Now Blocks Cross-Site Cookie Tracking Everywhere |website=How To Geek |date=June 14, 2022 |access-date=May 15, 2022 |archive-url=https://web.archive.org/web/20220614142704/https://www.howtogeek.com/811311/firefox-now-blocks-cross-site-cookie-tracking-everywhere/ |archive-date=June 14, 2022 |url-status=live}}</ref> In 2025, Mozilla introduced a [[Terms of service|terms of use]] for Firefox, as a means to give more transparency over users' rights and permissions for the browser outside of the Mozilla Public License. The company received criticism centering around a clause that gave Mozilla a "nonexclusive, royalty-free, worldwide license" to use any information that was uploaded or inputted into the browser. The new terms were perceived to reduce privacy, and were seen to be connected to AI, while Mozilla denied that these were the motives.<ref>{{Cite web |last=Parrack |first=Dave |date=February 28, 2025 |url=https://www.makeuseof.com/mozilla-rejects-firefox-terms-of-use-claims/ |title=Firefox's Updated Terms of Use Are Not As Bad As They Sound |website=MakeUseOf |access-date=March 1, 2025}}</ref> Criticism centered on fears that the license grant covered all data inputted, while Mozilla responded saying that the change "does NOT give us ownership of your data".<ref>{{Cite web |last=Peters |first=Jay |date=February 28, 2025 |url=https://www.theverge.com/news/621796/mozilla-firefox-terms-of-use-ownership-data |title=Mozilla says its new Firefox terms don't give it ownership of your data |website=The Verge |access-date=March 1, 2025}}</ref><ref name=":3">{{Cite web |url=https://blog.mozilla.org/en/products/firefox/firefox-terms-of-use/ |title=Introducing a terms of use and updated privacy notice for Firefox |website=The Mozilla Blog |access-date=March 6, 2025}}</ref> In an attempt to respond to the fallout, Mozilla said that many modified words were to ease readability, increase transparency, formalize existing implicit agreements, and describe the circumstances of a free browser, adding that the AI features are covered by a separate agreement.<ref name=":3" /><ref>{{Cite web |last=Perez |first=Sarah |date=February 28, 2025 |url=https://techcrunch.com/2025/02/28/mozilla-responds-to-backlash-over-new-terms-saying-its-not-using-peoples-data-for-ai/ |title=Mozilla responds to backlash over new terms, saying it's not using people's data for AI |website=TechCrunch |access-date=March 1, 2025}}</ref> Days later, Mozilla changed the wording of their privacy FAQ,<ref>{{Cite web |last=Peters |first=Jay |date=March 1, 2025 |url=https://www.theverge.com/news/622080/mozilla-revising-firefox-terms-of-use-data |title=Mozilla is already revising its new Firefox terms to clarify how it handles user data |website=The Verge |access-date=19 March 2025}}</ref> removing a pledge to never "sell your personal data" and revising another section denying allegations that it sold user data, saying that it gathers some information from hideable advertisements as well as chatbot metadata when interacted with, and that the legal definition of "sell" was vague in some jurisdictions.<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=March 1, 2025 |url=https://thehackernews.com/2025/03/mozilla-updates-firefox-terms-again.html |title=Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language |website=The Hacker News |access-date=March 1, 2025}}</ref><ref>{{Cite web |last=Brodkin |first=Jon |date=February 28, 2025 |url=https://arstechnica.com/tech-policy/2025/02/firefox-deletes-promise-to-never-sell-personal-data-asks-users-not-to-panic/ |title=Firefox deletes promise to never sell personal data, asks users not to panic |website=Ars Technica |access-date=March 1, 2025}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)