Firefox 74 strengthens default TLS and extension controls
Mozilla released Firefox 74 with TLS 1.0/1.1 disabled by default, tighter extension controls, and profile import improvements requiring validation in managed environments.
Executive briefing: Mozilla shipped Firefox 74 on with security changes that disable TLS 1.0 and 1.1 by default, require add-ons to use the Extensions APIs for sideloading, and improve account and password import flows. The release raises baseline encryption while limiting unapproved extension installation paths.
Operator action: Test Firefox 74 in controlled rings to validate legacy application compatibility with TLS 1.0/1.1 disabled, update enterprise policies that previously relied on sideloaded extensions, and communicate expected user prompts around extension approvals. Confirm ESR channels remain aligned for managed deployments needing longer support windows.
Sources: Mozilla’s release notes document the TLS defaults, extension policy changes, and related security updates.
Continue in the Developer pillar
Return to the hub for curated research and deep-dive guides.
Latest guides
-
Secure Software Supply Chain Tooling Guide — Zeph Tech
Engineer developer platforms that deliver verifiable provenance, SBOM distribution, vendor assurance, and runtime integrity aligned with SLSA v1.0, NIST SP 800-204D, and CISA SBOM…
-
AI-Assisted Development Governance Guide — Zeph Tech
Govern GitHub Copilot, Azure AI, and internal generative assistants with controls aligned to NIST AI RMF 1.0, EU AI Act enforcement timelines, OMB M-24-10, and enterprise privacy…
-
Developer Enablement & Platform Operations Guide — Zeph Tech
Plan AI-assisted development, secure SDLC controls, and runtime upgrades using Zeph Tech research on GitHub Copilot, GitHub Advanced Security, and major language lifecycles.