Bomb Proof Firefox

Martin Brinkmann
Sep 17, 2007
Updated • Apr 10, 2012

The XeroBrowser that I wrote about just a few hours ago is a nice software especially for inexperienced users who feel insecure when configuring security applications. Experts or users who want to control what is being installed and used on their system want to manually add security extensions to Firefox. This is probably the better approach because they know exactly what is installed on their system.

Firefox can be configured in a way to enhance security while browsing the Internet and extensions do the rest to make it one of the most secure browsers currently available. I want to point out several settings in Firefox that can increase security and privacy as well as extensions that are considered by many to be great security add-ons.

I would like to begin with settings in Firefox. In order to change settings you have to open the options by clicking on Tools > Options in the top menu. The following tabs are important for us: Content, Privacy, Security and Advanced.

Firefox Content:

There is only one setting in here that you should consider changing. If you disable Java you eliminate an attack vector. This could mean on the other hand that certain web applications that require Java will not run anymore in Firefox. My suggestion would be to disable Java and monitor usage to see if any of your favorite websites use Java.

Firefox Privacy:

This is one of the many times that require a decision between ease of use and privacy / security. It is secure if you decide to erase all data that has been accumulated during your session so that no one is able to look in the cache or browsing history to see what you have been doing in that session.

This on the other hand means that you will have to login again into websites every time you visit them because passwords and cookies are not saved anymore.

My suggested settings would be to uncheck all elements in History, to keep the cookies until you close Firefox and to clear all private data when exiting Firefox. This is the best setting for maximum privacy but as I said earlier, you need to remember passwords and login into sites in each session because the login data is not saved during sessions.

Firefox Security:

The security tab is another important tab that has several options that should be changed for security reasons. The best way would be to uncheck 'Remember Passwords for Sites' to make sure that Firefox is not saving passwords at all. If you have to use this feature you should at least create a Master Password.

If you do not create one everyone who is accessing your Firefox browser is able to see all saved usernames, passwords and websites. This is a huge security risk.

The security warnings could be important to but tend to popup warnings frequently if you enable all. This is again a decision to be secure and see more warnings or receive no warnings with the possibility to miss something.

Firefox Encryption:

There is one setting that makes sense to change. Click on Encryption in the advanced tab and check 'Ask me every time' a website requires a certificate.

Firefox Security Add-ons:

I would recommend to at least install No Script which is a fantastic extension for Firefox. Everything else is great for certain circumstances. Just take a look at all the security extensions. I did not add any proxy / throwaway email services other than FoxTor because proxies can be insecure as well.

AdBlock Plus - remove most advertisements from websites.

Cert Viewer Plus - Provides enhancements to the certificate viewer.

Dr. Web Anti-Virus link checker - Great for the initial check before downloading something from the Internet.

Extended Cookie Manager - Manage cookie permissions of websites with ease.

Flashblock - Blocks Flash content on websites with the option to enable it.

FoxTor - Use the Tor network when surfing with Firefox. Adds anonymity.

No Script - Run Java, Javascript and other content only from trusted websites. You create a list of trusted websites that are loaded with all those scripts enabled. All other sites are run without.

Keyscrambler Personal - Encrypts your keystrokes which prevents that keyloggers can record the entered data.

Secure Login - If you want to save usernames and passwords you should install Secure Login. It provides similar functionality to Opera's Wand feature by bypassing the forms on websites and sending the login data directly to the server.

Whois Plugin - Find out who owns a website.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Quasimodo said on September 17, 2007 at 7:14 pm

    Flashblock and NoScript don’t play well together.

    Noscript blocka all embedded objects by default anyway (including Java).

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.