The security researchers at Google have discovered a security vulnerability (nicknamed POODLE) in the decades old SSL version 3.0 protocol which can be used by an attacker to gain access to the information like passwords and cookies transferred over the secure connection encrypted using the SSL 3.0 protocol. As a consequence, all the major web browsers have decided to drop the support for SSL 3.0 in their future versions and updates. Mozilla Firefox has declared to drop SSL 3.0 in the version 34.0 of the browser. But until they release the new version, you can simply disable SSL 3.0 in Firefox yourself in order to prevent any such attacks.
You can disable SSLv3 in Firefox using these simple instructions:
- In the Firefox browser address bar type about:config and press Enter.
- It will show a warning, but you can click on the button labeled “I’ll be careful, I promise” to proceed.
- Type tls in the search box to narrow down the settings to only the ones related to the TLS which is the cryptography protocol that supersedes SSL.
- Double-click on security.tls.version.min and change its value to 1.
- That’s it. You have disabled SSL 3.0 and configured Firefox to use at least TLS version 1.0 for secure connections.
The TLS protocol supersedes SSL and provides a much more secure connection in Firefox. If you disable SSL 3.0 in Firefox, some of the websites may refuse secure connection as they may still be using the old SSL 3.0 protocol. In these cases, you can temporarily enable SSL v3.0 by changing the value of security.tls.version.min to 0.
Conclusion: The POODLE vulnerability in SSL version 3.0 can be prevented easily by disable SSL 3.0 in Firefox. You can set Firefox to use TLS 1.0 as the minimum version of cryptography protocol to disable SSL 3.0 and make Firefox much more secure.