
Firefox 4 added support for HTTP Strict Transport Security (HSTS), which forces the browser to visit a site via HTTPS only. This protects users on untrusted networks, especially in public spaces such as hotspots and airports, and prevents Man-in-the-Middle (MITM) attacks over HTTP.

When you enter the address of an encrypted site like PayPal, the browser won't load that site directly via HTTPS; instead it connects to the website's HTTP server and is then redirected to the encrypted server. In the meantime, before the secure connection is established, you may end up on an attacker's website if you are on a rogue hotspot.

Users may not notice the security indicators that the browser shows for SSL-secured websites, since they are small and inconspicuous, which makes phishing sites that mimic encrypted sites hard to spot. The SSLPersonas add-on may help by changing the Firefox theme so that these indicators are displayed more prominently.

To stop this kind of man-in-the-middle attack, Sid Stamm integrated HTTP Strict Transport Security into Firefox. This security feature will be built in and turned on by default in the Firefox 4 final release. It will also be available in the next Firefox beta, and it currently exists in the nightly build, where you can try it.

After installing a nightly build that supports HSTS, you can check the PayPal website, which serves the Strict-Transport-Security header.
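As an added illustration (not code from the original post, and not Firefox's own implementation), the following JavaScript models what a browser does with HSTS: it parses the `Strict-Transport-Security` response header, remembers the host only when the header arrived over HTTPS, and rewrites later `http://` URLs for that host to `https://` before any plaintext request goes out, which is exactly the window the post describes. The hostnames, header values and clock are constructed for the demo.

```javascript
// Minimal model of browser-side HTTP Strict Transport Security (RFC 6797).
// Added example; hostnames and header values below are constructed.

// Parse a Strict-Transport-Security header value.
// Returns { maxAge, includeSubDomains } or null if the header is invalid.
function parseHsts(headerValue) {
  const directives = {};
  for (const part of headerValue.split(';')) {
    const token = part.trim();
    if (!token) continue;
    const eq = token.indexOf('=');
    const name = (eq === -1 ? token : token.slice(0, eq)).trim().toLowerCase();
    let value = eq === -1 ? null : token.slice(eq + 1).trim();
    if (value && value.startsWith('"') && value.endsWith('"')) value = value.slice(1, -1);
    if (name in directives) return null; // a directive may appear only once
    directives[name] = value;
  }
  const maxAge = directives['max-age'];
  if (maxAge == null || !/^\d+$/.test(maxAge)) return null; // max-age is required
  return { maxAge: Number(maxAge), includeSubDomains: 'includesubdomains' in directives };
}

// Remembers which hosts have asked to be reached over HTTPS only.
class HstsStore {
  constructor(now = () => Date.now()) {
    this.now = now;             // injectable clock, so expiry can be tested
    this.entries = new Map();   // host -> { expires (ms), includeSubDomains }
  }

  // Called for every response. The header is honoured only over HTTPS, so an
  // attacker on plaintext HTTP cannot set or clear a policy. (A real browser
  // additionally ignores the header when the certificate had errors.)
  observeResponse(url, headers) {
    const u = new URL(url);
    if (u.protocol !== 'https:') return false;
    const raw = headers['strict-transport-security'];
    if (raw === undefined) return false;
    const policy = parseHsts(raw);
    if (!policy) return false;
    const host = u.hostname.toLowerCase();
    if (policy.maxAge === 0) { this.entries.delete(host); return true; } // max-age=0 clears
    this.entries.set(host, {
      expires: this.now() + policy.maxAge * 1000,
      includeSubDomains: policy.includeSubDomains,
    });
    return true;
  }

  // True if the host, or a parent domain whose policy includes subdomains,
  // has an unexpired HSTS entry. Expired entries are dropped on the way.
  isKnown(host) {
    const labels = host.toLowerCase().split('.');
    for (let i = 0; i < labels.length; i++) {
      const candidate = labels.slice(i).join('.');
      const e = this.entries.get(candidate);
      if (!e) continue;
      if (e.expires <= this.now()) { this.entries.delete(candidate); continue; }
      if (i === 0 || e.includeSubDomains) return true;
    }
    return false;
  }

  // Rewrite http:// to https:// for known hosts before the request is sent,
  // so the plaintext request (and the redirect an attacker could tamper with)
  // never happens.
  upgradeUrl(url) {
    const u = new URL(url);
    if (u.protocol === 'http:' && this.isKnown(u.hostname)) u.protocol = 'https:';
    return u.toString();
  }
}

// Walk through the scenario from the post with constructed hosts.
function demo() {
  const store = new HstsStore();
  store.observeResponse('https://example.com/', {
    'strict-transport-security': 'max-age=31536000; includeSubDomains',
  });
  return ['http://example.com/login', 'http://www.example.com/', 'http://other.example/']
    .map((u) => store.upgradeUrl(u));
}

console.log(demo());
```

The store deliberately ignores the header on plaintext responses and forgets entries once `max-age` has elapsed; both behaviours are what make the upgrade safe to apply automatically, and both are easy to get wrong in a home-grown implementation.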

You can find more details about HSTS at the links below:

Mozilla Security blog

HTTP Strict Transport Security

Mozilla hacks blog