Firefox and Security Add-Ons for Linux - Secure Web Browser
Updated10 August 2016
Table of Contents...Loading Table of Contents...
Mozilla Firefox (or simply known as Firefox) is a free and open source web browser which is enhanced by the availability of numerous add-ons for it, including some that are designed to protect your privacy and security when you browse the web.
What you will get from this guide
- A stable and secure internet browser whose features can be enhanced by numerous add-ons.
- The ability to protect yourself from potentially dangerous programs and malicious websites.
- The ability to wipe the digital traces of your browsing activity.
1. Introduction to Firefox
This guide assumes that you already know how to use a web browser and will not cover the basic functions of Firefox. It will focus on security-related settings and extensions.
1.0 Things you should know about Firefox before you start
Firefox has many easy-to-use add-ons that improve your privacy and security when you browse the Web. You can choose which add-ons to install, and decide how to configure them, depending on your circumstances. If you are using a computer that is managed by someone else (at an Internet cafe, for example, or in your place of work), you might have to make these adjustments repeatedly.
In addition to basic Firefox settings, this guide covers the installation and basic configuration of the following add-ons:
Important: The overwhelming majority of malware and spyware infections originate from webpages. It is important that you always consider whether it is safe to visit unknown websites, particularly those that are sent to you by email. Before you decide to open a webpage, we recommend that you scan the web address using the following page scanners:
You can also check the reputation of a website using the scanners listed below:
1.1 Other tools like Firefox
Similar tools and alternatives for other operating systems.
The Mozilla Firefox Web browser is available for GNU/Linux, Apple Mac OS X, Microsoft Windows and other operating systems. Websites are the most common source of malware infection, so accessing them securely is vital. We recommend that you use Mozilla Firefox and install the add-ons covered in this guide. If you would prefer to use a program other than Mozilla Firefox, the alternatives below are also available for GNU/Linux, Apple Mac OS X and Microsoft Windows:
2. Install, configure and use Firefox
Many Linux distributions come with Firefox installed by default, and most have a package management system or software center that makes it easy to install and update Firefox (along with any additional software that it requires to operate).
Tip. Many Linux distributions include a trademark-free version of Firefox called Iceweasel, which is just the same tool with a different name.
2.1. Install or Update Firefox
You probably already have Firefox (or Iceweasel) installed. But, if you do not — or if you need to update it — you can follow the instructions in one of the sections below. It is extremely important that you keep your Web browser up-to-date. Firefox is easier to update if you install it using your package management system or software center, so we recommend using one of the first two methods below. But, if you need the latest version of Firefox for some reason — or if you want to install Firefox as a portable application (on a USB storage device, for example) — the Install Firefox directly from the developer section will show you how.
Tip: It is normally a good idea to use the most recent version of security-related software, including Web browsers. However, Linux distributions typically incorporate security updates for the "older" versions of Firefox in their package management systems and software centers. Because of this — and because these versions are easier to update — we generally recommend installing and updating Firefox using a package management system or a built-in software center.
2.1.1 (Optional) Install or update Firefox using a commandline package manager
To install or update Firefox using a the apt commandline package manager that comes with many Linux distributions (including Debian and Ubuntu), follow the steps below.
Step 1. Open Terminal
Step 2. Execute the following command in Terminal
sudo apt-get update
Step 3. Type the passphrase that you use to log in to your computer and press Enter.
This will refresh the list of software that that your package manager knows how to install and update.
Step 4. Execute one of the following commands in Terminal
sudo apt-get install firefox
sudo apt-get install iceweasel
2.1.2 (Optional) Install or update Firefox using your "software center"
To update Firefox using a graphical software center application, follow the steps below:
Tip: The instructions in this section are based on the Ubuntu Linux distribution, but many other distributions include some kind of software center. Some Debian variants also include an application called Synaptic Package Manager, which provides similar functionality. If you do not find an application called Firefox, look for one called Iceweasel. As mentiond above, it is the same application with a different name.
Step 1. Launch Software Center
Figure 1: The Ubuntu Software Center
Step 2. Click in the Search bar
Step 3. Type "Firefox"
Figure 2: Searching for Firefox
Step 4. Click the entry for Firefox Web Browser
Figure 3: Software Center showing that Firefox is already installed
If the button on the right says [Install], you can install Firefox. If it says [Remove], then Firefox is already installed. Even if it is already installed, however, you should make sure it is up-to-date by following the steps below.
Step 5. Launch the Software Updater application that comes with your Linux distribution. (If it does not have one, refer to the Install or update Firefox using a commandline package manager section.) It will automatically begin refreshing the list of software that it knows how to install and update.
Figure 4: Ubuntu's Software Updater refreshing its list of software
When it is done, it will let you know whether any of the software on your computer (including Firefox) is outdated.
Figure 5: Ubuntu's Software Updater showing that all software is up-to-date
If you are up-to-date, you can click [OK]. If any of your software needs to be updated, we recommend that you follow Software Updater's instructions and update everything. You should then restart your computer as soon as it is convenient.
2.1.3 (Optional) Install Firefox directly from the developer
To install the latest stable version of Firefox, directly from the developer, follow the steps below:
Step 1. Go to the Firefox download page
Figure 1: Firefox download button
Step 2. Click the [Free Download] button to download the Firefox archive file
Step 3. Save the archive file somewhere convenient, such as on your Desktop in your Documents folder.
In this section, we will assume the Firefox archive is on your Desktop.
Step 4. Navigate to the folder where you saved the Firefox archive file
Figure 2: The Firefox archive file
Step 5. Double-click the Firefox archive file to enter the archive
Figure 3: Inside the Firefox archive
Step 6. Click [Extract] to choose a location for the Firefox application folder
Figure 4: Choosing a location to extract the Firefox application folder
Step 7. Navigate to the location where you want you extract the Firefox application folder
Step 8. Click [Extract] to extract the Firefox application folder
Figure 5: Extracting the Firefox application folder
Step 9. Click [Close] to return to the Firefox archive
Figure 6: Inside the Firefox archive
Step 10. Click the X in the upper, right-hand corner to close the Firefox archive
Step 11. Navigate to the location where you extracted the Firefox application folder in the previous steps
Figure 7: The Firefox application folder
Step 12. Enter the Firefox folder
Figure 8: Inside the Firefox application folder
Step 13. Double-click the firefox file to launch the Firefox browser
Firefox will ask if you want to make it your default browser, as shown below
Figure 9: The Firefox "Default Browser" screen
Step 14. (Optional) Uncheck Always perform this check when starting Firefox
Tip. If you plan to use this installation on other computers, you should uncheck this box.
Step 15. Click either [Not now] or [Use Firefox as my default browser] to open the Firefox browser
Figure 10: The Firefox browser window
2.2. Configure search engines
You can configure Firefox to use a search engine of your choice. To do so, follow the steps below:
Step 1: Select Edit > Preferences in your Firefox menu bar.
Figure 1: Firefox search preferences
Step 2: Click Search in the side bar of the Preferences screen.
You can now choose your default search engine and decide which other search engines should be accessible through the Firefox search box. We recommend DuckDuckGo as a default search engine because it does not track or profile its users, or share its users' personal information with third parties.
Other privacy-focused search engines that you can choose to add as search engine options to choose in the Firefox toolbar’s search bar include:
2.3. Configure privacy options
You can configure the Firefox privacy settings by following the steps below:
Step 1: Select Edit > Preferences in your Firefox browser menu bar.
Figure 1: Firefox privacy settings
Step 2: Click Privacy in the side bar of the Preferences screen.
You can now change the Firefox settings related to privacy, third-party tracking, and browsing history by following the steps below:
Step 3. Many websites collect information about you and allow third parties to gather data about the websites you visit. This is called tracking. Do Not Track is a system that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.
To enable Do Not Track in Firefox, and minimise the tracking of your online activity, select the two options under the Tracking section. It is important to understand, however, that companies have the ability to ignore your choice and track you anyway. Here is a list of companies' commitments to honoring Do Not Track requests.
Step 4. The History section lets you manage your Firefox browsing history preferences. Your browsing history is a list of websites you have visited using Firefox. The default option is Remember my browsing and download history, which means that Firefox will remember your browsing, download, form, and search histories. It will also accept cookies from the websites you visit. These cookies allow websites to record information on your device that Firefox will send back to them and their advertising partners.
To prevent this, in the first option under History that starts with Firefox will:, you can change Remember history to Never remember history. Or you can change it to Use custom settings for history and set more detailed preferences in the History section.
Step 5. The Location Bar section lets you choose the sources that Firefox will use to recommend Web address when you start typing in the Address bar. By default, it uses bookmarked Web addresses, open tabs, and websites that are in your browser history. You can uncheck any of these sources as you prefer.
2.4. Configure security options
You can configure the Firefox security settings by following the steps below:
Step 1: Select Edit > Preferences in your Firefox browser menu bar.
Figure 1: The Firefox security settings
Step 2: Click Security in the side bar of the Preferences screen.
You can now modify the Firefox security settings.
All of the boxes under General should be checked. If they are not, we recommend checking them so that Firefox will
- Warn you when websites try to install add-ons
- Block reported web attacks
- Block reported Web forgeries.
The boxes under Passwords relate to Firefox's built-in password manager. If you check the Use a master password box, Firefox will encrypt the website passwords that it saves and prompt you for a master password whenever it needs to enter one for you. In general, we recommend using an offline password manager, such as KeePassX, to store your passwords. But, if you are going to allow Firefox to manage your website passwords, you should check the second box.
2.5. Configure advanced options
You can configure various advanced preferences for Firefox by following the steps below:
Step 1: Select Edit > Preferences in your Firefox browser menu bar.
Figure 1: The Firefox advanced preferences
Step 2: Click Advanced in the side bar of the Preferences screen.
The Advanced preferences screen contains five tabs:
- General includes various usability options
- Data Choices allows you to choose what data to send to Mozilla about your browser health, security and performance
- Update allows you to determine how Firefox will handle automatic updates (including updates to your preferred search engines)
- Network allows you to manage proxy settings, cached web content and offline user data
- Certificates allows you to decide how Firefox should deal with cryptographic certificates (both when websites request a personal certificate from your browser and when Firefox is trying to determine whether or not an https certificate presented by a website is valid)
The General tab includes a useful option that allows Firefox to prevent web sites from automatically redirecting you to another page or reloading themselves without your consent or knowledge.
Figure 2: The General tab of the Advanced preferences screen
Step 3. Check the Warn me when websites try to redirect or reload the page box
2.6 Using privacy features while browsing the web
In addition to the settings described above, Firefox provides two useful features that give you some control over the data that it stores, on your computer, about the websites you visit. They are the Clear recent history screen and Private browsing mode.
Clear recent history
To clear data about your browsing history that Firefox has already stored, follow the steps below.
Step 1. Press the Control, Shift and Delete keys at the same time to activate the Clear recent history screen. (As an alternative, you can select History > Clear recent history from the menu bar.)
Figure 1: The Clear recent history screen
Step 2. Click the arrow next to the word Details to expand the list of what will be deleted
Figure 2: Which types of browsing data to clear
Step 3. Check the boxes next to the types of browsing data you would like Firefox to delete.
In this example, we will clear everything except Offline Website Data and Site Preferences. If you are using this feature for the first time, you might want to start with something less aggressive.
Step 4. Click the words next to "Time range to clear", to see how far back Firefox will go when deleting your browsing data
Figure 3: Time range to clear
Step 5 Select the time range for which you would like Firefox to clear history
In this example, we will clear all of the browsing data (except Offline Website Data and Site Preferences). Again, if you are using this feature for the first time, you might want to start with something less aggressive.
Figure 4: Firefox ready to clear your browsing data
Step 6. Click [Clear now] to clear the selected browsing data.
As an alternative to the above, you can use Firefox's Private browsing mode to prevent it from recording your browsing history at all.
Private browsing mode
To prevent Firefox from storing data about your current browsing session, follow the steps below.
Step 1. Press the Control, Shift and P keys at the same time to open a Private browsing window. (As an alternative, you can select File > New Private Window from the menu bar.)
Figure 5: A Firefox private browsing window
Step 2. Browse the web using this window.
Firefox will not record your browsing data while you use this window. This includes any tabs you might open within it. The window itself notes a few exceptions, including Downloads and Bookmarks. It also reminds you that Firefox itself cannot prevent those who might want to monitor your Internet connection (including your ISP) from tracking the websites you visit. For that, you will need Tor Browser.
3. Firefox add-ons
A Firefox add-on is software that adds new features or extends existing functionality. Add-ons include plugins and extensions. This section will show you how to disable potentially harmful plugins, then introduce a few useful privacy and security extensions, including:
3.1 Update or disable potentially harmful plugins
The Adobe Shockwave Flash plugin and the Oracle Java browser plugin are often found to contain security vulnerabilities that could allow a remote user to assume control of your computer or to install malware. It is strongly advised that you disable both of those plugins in Firefox. For more information about how to disable or remove the Java browser plugin, please refer to Oracle's steps to disable Java for all browsers on your computer.
To update your plugins, follow the steps below. To disable Adobe Shockwave Flash, see Step 9, below.
Step 1. Launch Firefox
Figure 1: Firefox
Step 2. Click the button in the upper, right-hand corner of your browser window
Figure 2: The Firefox Options menu
Step 3. Click the Add-ons button
Figure 3: The Firefox Add-ons menu
Step 4. Click the Plugins tab on the left-hand side of the window
Figure 4: The Firefox Plugins screen
Step 5. Click the Check to see if your plugins are up to date link to open the Check Your Plugins tab
Figure 5: The Firefox Check Your Plugins tab
Step 6. Scroll down to check all of the plugins identified by Firefox
Figure 6: More plugins on the Check Your Plugins tab
Your plugins should fall into one of three categories:
- If all of your plugins are up-to-date, continue with Step 9, below
- Some of your plugins may appear next to a [Research] button. If you click [Research], Firefox will display search results that might help you update the corresponding plugin
- If any of your plugins appear next to an [Update Now] button, you should click it and follow the instructions. In the figure above, Adobe Flash Player is an example of an outdated plugin
Unfortunately, this method might not work to update some plugins — including Adobe Flash Player — unless you first update the list of software that your system knows how to install. To do this, follow the steps below.
Step 7. Launch the Software Updater application that comes with your Linux distribution. It will automatically begin refreshing the list of software that it knows how to install and update.
Figure 7: Ubuntu's Software Updater refreshing its list of software
Step 8. Accept and install any updates identified by Software Updater. It will let you know when those updates have been installed.
Figure 8: Ubuntu's Software Updater after everything is up-to-date
Step 9. Click [OK]
When Software Updater is done, you can restart your computer, if necessary, then check back with Firefox to make sure that Adobe Shockwave Flash has been updated.
Flash vulnerabilities in are extremely common, however, and Adobe's support for the Linux plugin is limited. So you should disable the Flash plugin even if you are able to update it. To disable the Adobe Shockwave Flash plugin, follow the steps below.
Step 10. Return to the Add-ons Manager tab that shows all of your Firefox plugins
Figure 9: The Firefox Plugins screen
Step 11. Click Always Activate if it is visible next to Shockwave Flash
Figure 10: The Shockwave Flash activation menu
Step 12. Select Never Activate to disable Adobe Shockwave Flash.
Figure 11: Adobe Shockwave Flash disabled
Note: If you select Ask to Activate, Firefox will let you know when a website tries to send you Flash content. You will then have the option to click [Allow], in the upper right-hand corner of your browser window, as shown below. However, we recommend that you fully disable Flash, especially if you were unable to update it to the latest version.
Figure 12: Firefox prompting you to allow Flash content
3.2. HTTPS Everywhere
HTTPS Everywhere is an add-on that helps Firefox connect securely to websites that support encryption.
When you access a page using a Web address that begins with "http://" (such as http://www.amazon.com), your connection is unencrypted. The information you send to and receive from that website can be seen by anyone with the ability to monitor your Internet traffic. This includes your (ISP) and many surveillance platforms.
When you access a page using a Web address that begins with "https://" (such as https://www.amazon.com), your connection will be encrypted, and third parties will find it much more difficult to intercept the data you send and receive. Unfortunately, even websites that do support https often fail to redirect visitors to the correct Web address. This is the problem that HTTPS Everywhere was designed solve.
HTTPS Everywhere maintains a list of websites that support https and automatically requests an encrypted connection for those websites—even if you click on a link (or enter an address into your browser) that begins with http.
To install HTTPS Everywhere, follow the steps below:
Step 1: Select Tools > Add-ons in your Firefox browser menu bar.
Step 2: In the “Get Add-ons” section, type HTTPS Everywhere in the search bar and press enter. You should now have a list of all available add-ons in front of you, including HTTPS Everywhere.
Figure 1: Finding the HTTPS-Everywhere add-on for Firefox
Step 3: Click [Install], next to HTTPS Everywhere, to download and install the add-on.
Figure 2:Installing HTTPS-Everywhere
Step 4: Restart your Firefox browser to install HTTPS Everywhere.
Step 5: Verify that HTTPS Everywhere was installed successfully by selecting Tools > Add-ons > Extensions in the Firefox menu bar. HTTPS Everywhere should be displayed, along with your other add-ons.
Figure 3: HTTPS-Everywhere installed
HTTPS Everywhere is now installed. When you connect to a website that is included in the list maintained by the add-on, and that supports https, your connection will be encrypted automatically.
Note. When HTTPS Everywhere is working, you should still see "https://" in your browser's address bar. If you do not, then your connection is unencrypted.
If you click on “Preferences” next to HTTPS-Everywhere, the following window should appear:
Figure 4: HTTPS-Everywhere's "SSL Observatory Preferences" screen
Here you can choose whether you want to use the EFF's SSL Observatory, which warns you about insecure connections or attacks to your browser. We strongly recommend that you use this SSL Observatory for better browser security.
3.3. Privacy Badger
Privacy Badger is a browser add-on that prevents third-party companies from tracking your online activities. It is available for Firefox, the Tor Browser, Chrome, and Chromium.
To install Privacy Badger, follow the steps below:
Step 1: Select Tools > Add-ons in your Firefox browser menu bar.
Step 2: In the “Get Add-ons” section, type Privacy Badger in the search bar and press enter. You should now have a list of all available add-ons in front of you, including Privacy Badger.
Figure 1: Finding the Privacy Badger add-on for Firefox
Step 3: Click [Install], next to Privacy Badger, to download and install the add-on.
Figure 2: Installing Privacy Badger
When the add-on is installed, Firefox will display Privacy Badger's "Thank you" page
Figure 3:Privacy Badger's "Thank You" page
Step 4: Verify that Privacy Badger was installed successfully by selecting Tools > Add-ons > Extensions in the Firefox menu bar. Privacy Badger should be displayed, along with your other add-ons.
Figure 4: Privacy Badger installed
The Privacy Badger add-on is now installed and can help prevent (third party tracking](/en/glossary#third-party-trackers) of your online activities. You can click [Preferences] to change Privacy Badger's settings (though the default values are fine).
Q: Why would I want so many different add-ons to defend myself against malicious websites? If NoScript protects me from potentially dangerous scripts, for example, why do I also need other add-ons which function in a similar way?
A: It is often a good idea to use more than one tool to address the same general security issue (anti-virus programs are an important exception to this rule, since they tend to conflict with one another). These Firefox add-ons use very different techniques to protect your browser from a variety of threats. NoScript, for example, blocks all scripts from unknown websites, but users tend to 'whitelist' the websites they visit frequently, which allows them to load potentially-malicious scripts. NoScript users also tend to allow unknown sites to load scripts, on a temporary basis, if those scripts are necessary for the page to function properly.