Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Does POODLE SSLv3 effect Mozilla Firefox?

  • 5 replies
  • 5 have this problem
  • 1 view
  • Last reply by jacobwp

more options

Does this SLL v3 Poodle Breach effect Firefox? Does my Firefox need to updated?

Reply soon!

Jacob

Chosen solution

Firefox tries to use the latest connection method (TLS 1.2) with sites, and then "falls back" to TLS 1.1, TLS 1.0, and finally SSL 3.0 if the site doesn't support a newer method.

If you want to block Firefox from falling back to SSL 3.0 so that you won't unknowingly make a Poodle-vulnerable connection, you can change a setting so that SSLv3 is never used. A few sites might not work with this setting, but I think it will be very few.

Here's how:

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the search box above the list, type or paste tls and pause while the list is filtered

(3) Double-click the security.tls.version.min preference and change the value from 0 to 1

What that means is, the lowest Firefox will go is TLS 1.0. I actually made this change myself this afternoon for the same reason.

Read this answer in context 👍 32

All Replies (5)

more options

Chosen Solution

Firefox tries to use the latest connection method (TLS 1.2) with sites, and then "falls back" to TLS 1.1, TLS 1.0, and finally SSL 3.0 if the site doesn't support a newer method.

If you want to block Firefox from falling back to SSL 3.0 so that you won't unknowingly make a Poodle-vulnerable connection, you can change a setting so that SSLv3 is never used. A few sites might not work with this setting, but I think it will be very few.

Here's how:

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the search box above the list, type or paste tls and pause while the list is filtered

(3) Double-click the security.tls.version.min preference and change the value from 0 to 1

What that means is, the lowest Firefox will go is TLS 1.0. I actually made this change myself this afternoon for the same reason.

more options
more options

So if i change this (security.tls.version.min ) from 0 to 1 this will stop the sslv3 from affecting me?

Regards, jacob

more options

Yes, the value of security.tls.version.min = 1 will disable SSL3.


  • bug 1076983 - (POODLE) Padding oracle attack on SSL 3.0

Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

more options

Thanks for all the help!

Regards, Jacob