Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Will using firefox v 39 as my browser protect me in the folowing ways?

  • 4 replies
  • 3 have this problem
  • 3 views
  • Last reply by user961993

more options

1) after e-mailing my resume to a website that got an 'F' rating on an SSL server test program. 2) after clicking a link to do an online job application on above website.

Summary of rating of above website: Overall Rating F Certificate – 100 (out of 100) Protocol Support – 50 (out of 100) Key Exchange – 0 (out of 100) Cipher Strength – 90 (out of 100)

Details of rating: This server supports anonymous (insecure) suites (see below for details). Grade set to F. This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. MORE INFO » The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO » This server accepts the RC4 cipher, which is weak. Grade capped to B. MORE INFO » The server does not support Forward Secrecy with the reference browsers. MORE INFO » This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.

Any advice would be greatly appreciated.

1) after e-mailing my resume to a website that got an 'F' rating on an SSL server test program. 2) after clicking a link to do an online job application on above website. Summary of rating of above website: Overall Rating F Certificate – 100 (out of 100) Protocol Support – 50 (out of 100) Key Exchange – 0 (out of 100) Cipher Strength – 90 (out of 100) Details of rating: This server supports anonymous (insecure) suites (see below for details). Grade set to F. This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. MORE INFO » The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO » This server accepts the RC4 cipher, which is weak. Grade capped to B. MORE INFO » The server does not support Forward Secrecy with the reference browsers. MORE INFO » This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks. Any advice would be greatly appreciated.

Chosen solution

Firefox will refuse to connect to sites that offer egregiously poor HTTPS connections, but even when Firefox will connect, there are good, better, and best practices.

The higher the quality of the encryption between Firefox and the website, the lower the chances that anyone would be able to read or modify what was sent and received.

When a site has an "F" rating, there is much more of a risk that someone listening in could have obtained a readable copy of the information you sent and received, as well as your password or cookies or other data needed to impersonate you on that site. The risk is highest on an open wireless network (like the public network that doesn't require a WEP/WPA key).

How much of a problem is a "F" grade really? If no one was listening when you transmitted your secrets, you haven't lost anything yet. And if Firefox didn't object to the connection, the bad grade might relate to how other browsers might connect and not how Firefox connects.

That said, the situation raises some doubts about the company that operates the site. Can they be trusted to secure the information you gave them now that they have it on their system? If companies do not seem to be paying attention to security practices, it's probably best not to give them any sensitive information.

Read this answer in context 👍 1

All Replies (4)

more options

Chosen Solution

Firefox will refuse to connect to sites that offer egregiously poor HTTPS connections, but even when Firefox will connect, there are good, better, and best practices.

The higher the quality of the encryption between Firefox and the website, the lower the chances that anyone would be able to read or modify what was sent and received.

When a site has an "F" rating, there is much more of a risk that someone listening in could have obtained a readable copy of the information you sent and received, as well as your password or cookies or other data needed to impersonate you on that site. The risk is highest on an open wireless network (like the public network that doesn't require a WEP/WPA key).

How much of a problem is a "F" grade really? If no one was listening when you transmitted your secrets, you haven't lost anything yet. And if Firefox didn't object to the connection, the bad grade might relate to how other browsers might connect and not how Firefox connects.

That said, the situation raises some doubts about the company that operates the site. Can they be trusted to secure the information you gave them now that they have it on their system? If companies do not seem to be paying attention to security practices, it's probably best not to give them any sensitive information.

more options

Thank you for your clear response. A job with this company isn't worth the risk, even though it sounds interesting.

more options

I don't know how it would affect your prospects (or your karma), but you might point out this problem to them in case they aren't aware of it.

more options

I did and by the tone of their response, they're not changing. To bad for them (and me too.)