FireFox Add-Ons for Better Security

Posted on by Walt Turnes

Everyone has their browser of choice; mine is FireFox, because of its level of extensibility and huge collection of user-created add-ons. There are many useful add-ons that deal with security. Here are 4 that deal specifically with SSL and certificates, and two that are just useful in general.

Export All Certificates
This add-on allows you to export all of the trust roots from Firefox in one operation. I can’t really think of a situation where this would be extremely useful, but it may be convenient for testing purposes.
https://addons.mozilla.org/en-US/firefox/addon/141504

Conspiracy
This plug-in adds some UI next to the SSL icon that shows the country of origin for the root certificate that issued an SSL cert.
https://addons.mozilla.org/en-US/firefox/addon/107867

CipherFox
Displays the current cipher and key size in use for an SSL session, and allows you to disable RC4.
https://addons.mozilla.org/en-US/firefox/addon/8919

Expiry Canary
Adds a UI element to FireFox during SSL sessions that warns you if the site’s certificate is near expiration. I can see this being useful if you manage multiple web servers, and need to debug SSL certificate problems often.
https://addons.mozilla.org/en-US/firefox/addon/8717

Flashblock
Flash is somewhat notorious for being insecure, so it’s probably not a bad idea to kill it altogether, and whitelist the flash content you want to allow. Flashblock lets you do that.
https://addons.mozilla.org/en-US/firefox/addon/433

NoScript
JavaScript isn’t always bad – a lot of web sites require it in order to function correctly, including just about any site that uses AJAX or other dynamically presented content. However, it can be exploited in attacks such as cross-site scripts and clickjacking. Disabling scripts is one of the best ways to secure your browsing experience, and NoScript allows you to do so while whitelisting sites that you trust.
https://addons.mozilla.org/en-US/firefox/addon/722