I love Firefox. I’ve used it since it was Firebird, if not Phoenix, and it’s my main browser on every device. I value Mozilla’s dedication to an open, secure, and private internet, and because of that, I recommend Firefox to friends and family. That’s why two recent Firefox developments have me concerned. This week we’ll discuss a troubling statement about the state of Firefox security, the sunsetting of the use of SHA-1 in SSL certificates and Firefox’s recent exception to that, and whether Firefox is still a secure browsing option.
Pwn2Own is a prestigious hacking competition where world-class hackers attempt to compromise, or pwn, machines through complex, previously unknown vulnerabilities. Competitors get the device or devices they compromise as a prize as well as cash prizes.
In past competitions all major browsers were targets. Some years Safari fell first, others, IE. This year though, Firefox won’t even be considered. Brian Gorenc, manager of Vulnerability Research at Hewlett Packard Enterprise, one of the Pwn2Own sponsors, stated about Firefox’s exclusion, ‘We wanted to focus on the browsers that have made serious security improvements in the last year.’
This is a troubling and personally saddening statement. We can’t speak authoritatively on the state of Firefox security, though Mr. Gronec can and, again, it’s troubling. It makes me wonder what unknown vulnerabilities bad actors or nation states might have for Firefox. That spark of uncertainty is unsettling for a security researcher.
SHA-1 is a hashing algorithm published by the NSA over 20 years ago. A hashing algorithm takes an arbitrary message and performs a mathematical transformation upon it to create a unique digest of the message. For instance, the SHA-1 hash for ‘hello world’ is 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed. Change one character, ‘hello wurld,’ and the hash becomes 6598799975fcbaa49b0c4f474786d61252d1b496. Each are unique. At least they were.
Researchers predicted the end of SHA-1 some time ago, dependent on the level of an attacker’s resources. This meant entities with nation or state-level resources would be able to break SHA-1 — create a different (evil?) message which has the same hash as another message — sooner than the general public.
Then in 2015, three researchers were able to break SHA-1 for around $100k USD, bringing the viability of breaking an important part of web security down to the organized crime or nefarious corporation level.
Why is this important for web security and Firefox? SHA-1 was used as the signature algorithm for SSL certificates until NIST banned its use and certificate authorities moved to SHA-2 in 2014. Browser developers also committed to sunsetting SHA-1 starting in 2014, with Mozilla fully on board:
‘…we agree with the positions of Microsoft and Google that SHA-1 certificates should not be issued after January 1, 2016, or trusted after January 1, 2017.’
This all sounded good. Until it didn’t.
Last week news surfaced that one of Symantec’s clients, Worldpay, wasn’t ready for the SHA-1 to SHA-2 transition and requested nine certificates with the weak algorithm. Symantec requested a pass on the certs and only Mozilla allowed them.
As you can imagine, the security community wasn’t pleased with Mozilla. In fact, I’d say, disappointed. I am. This was an opportunity to showcase a stance for strong security which ultimately benefits Mozilla, Worldpay, everyone in the long run.
These recent developments aren’t enough to sway me from using Firefox, nor should it sway you. No browser is absolutely secure and the Worldpay exception affects few, if any, end users. The point is that we all must put some level of trust into the systems we use to function in our everyday lives, and we must be aware of how these systems steward our security.