Does Firefox publish a MD5 or SHA1 hash for me to verify my download?
For security reasons, I wish to be able to verify my Firefox download using either the MD5 or SHA1 hash.
Modified by monokle
For Firefox 3.6.13 you can access them here - http://releases.mozilla.org/pub/mozilla.org/firefox/releases/3.6.13/Read this answer in context 3
Additional System Details
- Gecko default plugin
- Runs Java applets using the latest installed versions of Java. For more information: Java Embedding Plugin. Run version test: Java Information.
- Coupons Inc Bricks Safari Plugin
- Google Updater One-Click Deluxe Install plugin
- Office Live Update v1.0
- The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.
- Java Plug-In 2 for NPAPI Browsers
- Shockwave Flash 10.1 r102
- User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
For Firefox 3.6.13 you can access them here - http://releases.mozilla.org/pub/mozilla.org/firefox/releases/3.6.13/
For Windows installers checking the authenticode signature is much easier for most users. Open the folder containing the installer, right-click, Properties, and look for a "Digital Signatures" tab. There should be one, and it should be a valid signature for the Mozilla Corporation.
For people who know what to do with a SHA1 hash file, downloading it over an insecure connection from the same mirror site as the binary completely misses the point. Instead get it from https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/<version>/SHA1SUMS (or MD5SUMS if you prefer).