X
Tap here to go to the mobile version of the site.

Support Forum

Does Firefox publish a MD5 or SHA1 hash for me to verify my download?

Posted

For security reasons, I wish to be able to verify my Firefox download using either the MD5 or SHA1 hash.

For security reasons, I wish to be able to verify my Firefox download using either the MD5 or SHA1 hash.

Modified by monokle

Chosen solution

Additional System Details

Installed Plug-ins

  • Gecko default plugin
  • Runs Java applets using the latest installed versions of Java. For more information: Java Embedding Plugin. Run version test: Java Information.
  • Coupons Inc Bricks Safari Plugin
  • Google Updater One-Click Deluxe Install plugin
  • Office Live Update v1.0
  • iPhoto6
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.
  • Java Plug-In 2 for NPAPI Browsers
  • Shockwave Flash 10.1 r102

Application

  • User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6

More Information

TonyE
  • Moderator
1044 solutions 8863 answers

Chosen Solution

For Firefox 3.6.13 you can access them here - http://releases.mozilla.org/pub/mozilla.org/firefox/releases/3.6.13/

For Firefox 3.6.13 you can access them here - http://releases.mozilla.org/pub/mozilla.org/firefox/releases/3.6.13/

Question owner

Thank you!!

Thank you!!
dveditz 2 solutions 16 answers

Helpful Reply

For Windows installers checking the authenticode signature is much easier for most users. Open the folder containing the installer, right-click, Properties, and look for a "Digital Signatures" tab. There should be one, and it should be a valid signature for the Mozilla Corporation.

For people who know what to do with a SHA1 hash file, downloading it over an insecure connection from the same mirror site as the binary completely misses the point. Instead get it from https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/<version>/SHA1SUMS (or MD5SUMS if you prefer).

For Windows installers checking the authenticode signature is much easier for most users. Open the folder containing the installer, right-click, Properties, and look for a "Digital Signatures" tab. There should be one, and it should be a valid signature for the Mozilla Corporation. For people who know what to do with a SHA1 hash file, downloading it over an insecure connection from the same mirror site as the binary completely misses the point. Instead get it from https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/<version>/SHA1SUMS (or MD5SUMS if you prefer).