Web browser will go further to protect against cyber-attacks

Firefox 91 will ship with HTTPS by default in private browsing mode

The latest version of Firefox will enable HTTPS by default in Private Browsing mode, Mozilla has confirmed.

The upcoming changes to the web browser were announced in a blog post published today (August 10).

When a user enters an insecure (HTTP) URL in Firefox’s address bar, or clicks on an insecure link on a web page, Firefox will now first try to establish a secure, encrypted HTTPS connection to the specified website.

Read more of the latest browser security news

The development “represents a major improvement” to the way Firefox 91 will handle insecure connections, Mozilla said in the post.

The parent company added: “Note that this new HTTPS by default policy in Firefox Private Browsing Windows is not directly applied to the loading of in-page components like images, styles, or scripts in the website you are visiting; it only ensures that the page itself is loaded securely if possible.

The feature will go further to protect against attacks – but will it go far enough?

“However, loading a page over HTTPS will, in the majority of cases, also cause those in-page components to load over HTTPS.”

The latest feature will be available “in the coming months”.

Small steps

Mozilla did state that in cases where a website does not support HTTPS, it will fall back to HTTP, meaning it protects against passive rather than active attackers.

Regardless, the move marks a step in the right direction for the web browser – though critics argue Mozilla needs to go still further.

Chris Hauk, consumer privacy champion at Pixel Privacy, added: “While this is definitely a step in the right direction, it is unfortunately limited to Private Browsing Windows, and isn’t on by default for normal browsing sessions.

“Some reports I’ve seen indicate that Firefox will make HTTPS the default for pages loaded outside of private windows in a future update. That can’t come too soon for me.”

Javvad Malik, security awareness advocate at KnowBe4 added: “It’s definitely a step in the right direction; these small steps need to be continually implemented to raise the security bar over time.”

YOU MAY LIKE Firefox becomes latest browser to support Fetch Metadata request headers