On Sat, 07 Jan 16:51:41 +0100
meino.cra...@gmx.de wrote:
Hi,

what Firefox-Version/what browser is the most secure one for Online-Banking?

Who is able to tell about that? I think nobody who has evaluated this for every version (if anyone really has) is reading this list.

I would recommend at least a separate, well-configured browser profile for the banking purpose and stripping off all unnecessary connections.

The latter can be achieved by using a Proxy Auto Config (PAC) file [1]. Have a look at [2] for more background information on this, even though it’s quite old.

For Mozilla Firefox, create a file (e.g. “proxy.pac”) with the following content, for example (don’t copy ’n paste, the spaces aren’t such):

function FindProxyForURL(url, host) {
    // Proxy bypass logic
    if (
           dnsDomainIs(host, '.your-bank.com')
    //  || dnsDomainIs(host, 'addons.cdn.mozilla.net')
    //  || dnsDomainIs(host, 'addons.mozilla.org')
    ) { return 'DIRECT'; }

    // Redirect all other requests through localhost, which should always
    // fail because no server is listening there.
    return 'PROXY 127.0.0.1:65535';
}

and place it in the root of your browser profile, then apply it via the property “network.proxy.autoconfig_url” or via the GUI by using the “file:” protocol in about:preferences#advanced > Network > Connection Settings.

Before you ask, I’ve never tried to use a relative path definition, which may be important on a USB device, nor can I say if it’ll also work.

Notice the comment lines for the Mozilla domains. Comment those out if you really need to use add-ons in a banking profile and want to have a more comfortable way to update them. But you know, comfort/add-ons and security are often like fire and water nowadays.

To test that only your banking connection is possible, invoke:

/usr/bin/firefox --private-window "https://www.example.com/" --no-remote -P banking.profile


[1] <https://calomel.org/proxy_auto_config.html>
[2] <https://web.archive.org/web/20040821144727/http://developer.netscape.com/docs/manuals/proxy/adminux/>


--
Best regards,
Floyd Anderson
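
The allow-list in the PAC file above can be checked offline before it goes into a profile. The following is an added example, not part of the original post: it evaluates the post's PAC function against constructed sample URLs. The dnsDomainIs shim (assumed to be a plain suffix comparison) and the names loadPac, auditPac and directHosts are hypothetical helpers introduced here.

```javascript
// PAC logic from the post, embedded as text ('.your-bank.com' is its placeholder).
const PAC_SOURCE = `
function FindProxyForURL(url, host) {
    if (
           dnsDomainIs(host, '.your-bank.com')
    ) { return 'DIRECT'; }
    return 'PROXY 127.0.0.1:65535';
}`;

// Shim for the PAC helper; assumption: it is a plain suffix comparison.
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}

// Compile the PAC text with the shim in scope and return its entry point.
function loadPac(source) {
  const factory = new Function('dnsDomainIs', source + '\nreturn FindProxyForURL;');
  return factory(dnsDomainIs);
}

// Record the PAC decision for every URL in the list.
function auditPac(source, urls) {
  const findProxy = loadPac(source);
  return urls.map((u) => {
    const host = new URL(u).hostname;
    return { url: u, host, decision: findProxy(u, host) };
  });
}

// Hosts that are allowed to connect directly.
function directHosts(source, urls) {
  return auditPac(source, urls)
    .filter((r) => r.decision === 'DIRECT')
    .map((r) => r.host);
}

// Constructed sample URLs, including look-alike hosts that must not pass.
const SAMPLE_URLS = [
  'https://www.your-bank.com/login',
  'https://your-bank.com/',                  // bare domain, no leading label
  'https://notyour-bank.com/',               // shares the suffix without the dot
  'https://www.your-bank.com.evil.example/', // bank name used as a prefix
  'https://www.example.com/',
];

for (const r of auditPac(PAC_SOURCE, SAMPLE_URLS)) {
  console.log(r.decision.padEnd(22), r.host);
}
```

Only www.your-bank.com is reported as DIRECT. The bare domain your-bank.com is also sent to the dead proxy because of the leading dot in the pattern, so a bank that serves or redirects from its bare domain needs its own entry.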


