Mozilla Firefox 38 Gets a Baker’s Dozen Security Updates

From an encryption perspective, the new Firefox 38 is noteworthy in that the RC4 cryptographic cipher suite has been disabled. There is currently a draft IETF (Internet Engineering Task Force) specification that is all about prohibiting the use of RC4.

“RC4 is a stream cipher described, which is widely supported, and often preferred, by TLS [Transport Layer Security] servers,” the IETF draft states. “However, RC4 has long been known to have a variety of cryptographic weaknesses.”