Q

How the Firefox Health Report improves enterprise browser security

Expert Michael Cobb discusses the ins and outs of the Firefox Health Report, and the implications it has for browser security and enterprise security.

With the release of Firefox 21, Mozilla created what's called the Firefox Health Report, which will supposedly

collect Firefox usage data that will be publically available, including data pertaining to security issues with the browser. My first question is how can IT security teams potentially use this data to improve security if they are using Firefox? I'm also wondering if there is any downside to the way Mozilla collects this data, and if we should disable the feature until we have a full understanding of what Mozilla is collecting?

Ask the Expert

SearchSecurity expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email. (All questions are anonymous.)

The Firefox Health Report is intended to help both users and Mozilla improve browser performance and stability. Mozilla says collecting specific data could help uncover patterns of problems in Firefox, determine whether reported incidents are isolated to specific browser configurations and help provide better support information for users. The report will also benefit users as they will be able to check the relative health and performance of their browser and its components against other instances of Firefox.

The Firefox Health Report dashboard built into Firefox covers five categories of metrics, shows the browser's performance and health -- both in absolute terms and in comparison to the global Firefox user base -- and offers advice on how to improve performance. For example, users can see whether a problem is unique to their installation or related to a particular add-on, and whether upgrading to the next version is likely to solve their problem.

The data collected is specific to a given browser instance and includes information such as the device's operating system, number of processors, Firefox version, and the number and type of add-ons. Information which could directly identify a user, like email addresses, websites visited and search details, will not be collected. For those who need to know exactly what is being sent before participating, the Raw Data tab in the Firefox Health Report shows the actual data that is being sent to Mozilla.

The Firefox Health Report also collects the data that is sent in crash reports. These are used to analyze which Firefox code was active at the time of the crash. Though crash reporting starts automatically after Firefox crashes, it does not send information to Mozilla until authorized to do so. Usage statistics, or telemetry, is also turned off by default and includes performance and responsiveness statistics about user interface features memory, and hardware configuration. These statistics are stored in an aggregate form and made available to a range of developers.

Users who don't want to send Firefox Health Report data to Mozilla -- it's collected by default -- can easily turn it off from the top of any FHR page or from the Data Choices section in the Firefox Options window. When sharing is turned off, Firefox not only stops sending information about the browser to Mozilla but also sends a request to the Mozilla servers to delete any previously submitted information. This request is processed immediately after being successfully received. Individual browser data is deleted after 180 days. Users who turn off sharing will still be able to see their own browser health information and view the comparison data from other browsers that are sharing their data.

The Firefox Health Report data could be of great use to administrators trying to troubleshoot browser problems. As long as the data sent doesn't contravene in-house security policies, there are no pressing reasons not to participate. More information about Mozilla's data practices can be found in the Mozilla Firefox Privacy Policy.

This was first published in October 2013

Dig deeper on Web Browser Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close