Security Panel Lands In Firefox 37

Mattias Geniar, Tuesday, January 20, 2015 - last modified: Wednesday, January 21, 2015

Firefox Nightly (or if you prefer, Firefox's Developer Edition) just got a pretty interesting new feature, called the Security Panel.

Just 2 weeks ago, Jerod Santo blogged about browsers having a "security tab", with an overview of the most common security best practices and checks. Craig Francis made an interactive demo to show it of.

The idea of a "security panel" appeared to be proposed by Joel Weinberger first and led to some discussion with Chris Palmer, after which Craig Francis made a first version of the panel.

And now, Firefox version 37 ships with a security panel.

The Network Monitor is the home of our other new tool, the security panel. Selecting a request in the network panel now displays a security panel in the request inspector. The panel reveals a list of information about the request’s connection, host, as well as the certificate used.

The security panel can help debug issues related to SSL protocol versions [...] and can help ensure that sufficiently strong security measures are implemented.

Security Panel in the Network Inspector

Someone got what they wanted.

firefox_developer_security_tab

The Security Panel doesn't show a lot just yet, but I like where this is heading. So far, we've got:

Jerod's example went a lot further. It showed the Content Security Policy, Cross Site Request Forgeries, Cross Site Scripting, Frame Injection, ...

What's in Firefox right now is, I hope, just the start. Right now, the panel in itself isn't all that useful. It's information that you can gather from the browser already, just hidden in many different places.

Here's what I'm hoping: that the security panel isn't just a quick response to the request of more security features, but a real commitment. I'm curious how they plan on keeping it up-to-date. Even with the rapid Firefox releases, the security world is moving at a very fast pace. Today's safe SSL configs are tomorrow's POODLE.

Can browsers keep up? Will this give users a false sense of security, if that panel were to show all OK's? Rumour has it, Chrome is working on a similar feature. What'll they do different?



Hi! My name is Mattias Geniar. I'm a Support Manager at Nucleus Hosting in Belgium, a general web geek & public speaker. Currently working on DNS Spy & Oh Dear!. Follow me on Twitter as @mattiasgeniar.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *