Photo Credit: Sergio Ianni - Edited By Nicolo’ Canali De Rossi

In this step-by-step guide I am going to show how to set your Firefox up in a secure state to avoid any possible damage, just by disabling some features.

Here the details:

From your browser toolbar, select Tools and then Options. A new window with six tabs will open.

Set Firefox as your default browser

Under the tab “General”, click on the check-box to set Firefox as your default browser. From now on, every action associated with Internet Explorer is assigned with Mozilla Firefox.

Clear private data and cookies

Under the “Privacy” tab, you will see two boxes: “Cookies” and “Private Data”.

The first one will help you set cookie exceptions and also how long cookies will be stored in your system. This is a really personal decision, depending on which web-sites you use and how you use them.

“Private Data” is a very useful option that can help clear all the sensitive data (like browsing history, cookies, cache and saved password). You can also set up to clear you data every time you close Firefox.

Create a master password

In the “Security” tab, you will find a box called “Passwords”. This function allows you to store all your log-in passwords inside Firefox.

Creating a master password can help you encrypt all the others, increasing security remembering just one word instead of many.

Just select the box, click on “Change Master Password”, and insert an easy-to-remember but also strong password.

Set up warnings

Firefox can warn you every time something suspicious is going on. In “Security”, tick the boxes “Warn me when sites try to install add-ons” and “Tell me if the site I’m visiting is a suspected forgery”.

These options should be active by default, so just check if they are selected.

You can also set up some more warnings that can notify you whenever a particular page opens or closes. Under “Warning Messages” click “Settings”, and select all the warnings you want to be displayed.

Disable Java and block popups

Java is a programming language that allows any web-site to run applications on your computer automatically.

Disabling it, or at least activating it just when it’s needed would be a good behavior.

To do so, just go into the “Content” tab, and untick the “Enable Java” box.

You will also see an Advanced button next to “Javascript“. Click it, disable all the features you see, apart from the ones you think will be absolutely necessary for you, and click OK.

Back in “Content”, make sure that the “Block Popus” feature is active.

Download Actions

The last thing you need to do is to modify actions that Firefox takes when files are downloading. Any time a file type is configured to open automatically with an associated application, this can make the browser more dangerous to use, facilitating hackers’ attacks.

Under “Content” click the “Manage…” button in the “File Types” box.

Here you will be able to see the file types and the actions the browser will perform when it encounters a particular file type.

For any file type that you see listed, click on “Change Action” and select “Save them on my computer” to save files of that type instead of opening them in another program, preventing automated exploitation of vulnerabilities that may exist in those applications.

This is an updated version of the CERT/CC’s recommended Firefox’s security settings, in which they used Firefox 1.5. For this mini-guide I used Firefox 2.0.0.11.