Firefox 83 has been released to the stable channel with a new feature meant to improve the security of its users, namely HTTPS-Only Mode.
The new feature is designed to prevent eavesdropping, especially when it comes to websites containing sensitive information, such as emails, financial data, or medical details.
With HTTPS-Only Mode enabled, Firefox attempts to establish a fully secure connection for each and every site the user accesses, and also asks for the user’s permission before connecting to a site that lacks support for secure connections.
Hypertext Transfer Protocol (HTTP) over TLS (HTTPS) was meant to address the security shortcomings of HTTP through encrypting the connection between the browser and the visited website.
While most websites do include support for HTTPS, and those that don’t are fewer by the day, many sites do fall back to the unsecure HTTP protocol.
On top of that, Mozilla notes, millions of legacy HTTP links pointing to insecure versions of websites still exist, meaning that, when the user clicks on them, the browser traditionally connects using the insecure HTTP protocol.
“In light of the very high availability of HTTPS, we believe that it is time to let our users choose to always use HTTPS. That’s why we have created HTTPS-Only Mode, which ensures that Firefox doesn’t make any insecure connections without your permission,” Mozilla says.
Once HTTPS-Only Mode has been enabled, Firefox will attempt to always establish a fully secure connection to the visited website, and even if the user clicks on an HTTP link or manually enters it, the browser will still use HTTPS instead.
The new feature can be enabled from the “Preferences” menu, in the “Privacy & Security” section. There, after scrolling down to “HTTPS-Only Mode,” users need to select the “Enable HTTPS-Only Mode in all windows” option.
“Once HTTPS-Only Mode is turned on, you can browse the web as you always do, with confidence that Firefox will upgrade web connections to be secure whenever possible, and keep you safe by default,” Mozilla notes.
When encountering a website that doesn’t include support for HTTPS, Firefox will deliver an error message, providing the user with the option to connect using HTTP.
For websites that do support HTTPS but serve resources such as images or videos over insecure connections, some pages might malfunction, and users will be provided with the option to temporarily disable HTTPS-Only Mode for that site.
Mozilla expects for HTTP connections to be deprecated once HTTPS is more widely supported and even required for all websites. HTTPS-Only Mode, the browser maker says, is the future of the Internet.
Related: Firefox Gets DNS-over-HTTPS as Default in U.S.
Related: Mozilla to Remove Support for FTP in Firefox
Related: Identifying DNS-Over-HTTPS Traffic Without Decryption Possible: Researcher

More from Ionut Arghire
- Malicious NPM, PyPI Packages Stealing User Information
- Boxx Insurance Raises $14.4 Million in Series B Funding
- Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data
- 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability
- Guardz Emerges From Stealth Mode With $10 Million in Funding
- Critical QNAP Vulnerability Leads to Code Injection
- GitHub Revokes Code Signing Certificates Following Cyberattack
- Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data
Latest News
- Malicious NPM, PyPI Packages Stealing User Information
- VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
- 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis
- Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’
- Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform
- Ransomware Leads to Nantucket Public Schools Shutdown
- Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing
- Boxx Insurance Raises $14.4 Million in Series B Funding
