This glossary is provided for your information only,
and is not meant to be relied upon as a complete or authoritative description
of the terms defined below or of the privacy and/or security ramifications of
the technologies described.
Glossary
add-on
A piece of software that can be added to
&brandShortName; to change its appearance, behavior, or to add new features.
It can also change the language shown in the user interface. See also
extension, language
pack, plugin, and theme.
A stored web page
address (URL) that you can go to easily by clicking a
bookmark icon in the Personal Toolbar or
choosing the bookmark's name from the Bookmarks menu.
A collection of web page copies stored
on your computer's hard disk or in its random-access memory (RAM). The
browser accumulates these copies as you browse the Web. When you click a link
or type a URL to fetch a particular web page for which the
cache already contains a copy, the browser compares the cached copy to the
original. If there have been no changes, the browser uses the cached copy
rather than refetching the original, saving processing and download
time.
caret browsing
A &brandShortName; feature that
allows you to navigate through text in Web pages and email messages (or this
Help window) with a caret. Using your keyboard, you can navigate and select
text like you do in a text editor. You can turn caret browsing mode on or off
by pressing the F7 key. Caret browsing mode can also be enabled or
disabled in Advanced Preferences - Keyboard Navigation.
certificate
The digital equivalent of an ID card.
A certificate specifies the name of an individual, company, or other entity
and certifies that a public key, which is included in the certificate,
belongs to that entity. When you digitally sign a message or other data, the
digital signature for that message is created with the aid of the private key
that corresponds to the public key in your certificate. A certificate is
issued and digitally signed by a certificate
authority (CA). A certificate's validity can be verified by checking
the CA's digital signature. Also called
digital ID, digital passport, public-key certificate, X.509 certificate, and
security certificate. See also public-key
cryptography.
certificate authority (CA)
A service
that issues a certificate after verifying the identity of the person or
entity the certificate is intended to identify. A CA also renews and revokes
certificates and generates a list of revoked certificates at regular
intervals. CAs can be independent vendors or a person or organization using
certificate-issuing server software (such as &brandShortName; Certificate
Management System). See also certificate,
CRL (certificate revocation list).
certificate backup password
A
password that protects a certificate that you are backing up or have
previously backed up. Certificate Manager asks you to set this password when
you back up a certificate, and requests it when you attempt to restore a
certificate that has previously been backed up.
A hierarchical series of
certificates signed by successive certificate authorities. A CA certificate
identifies a certificate authority (CA)
and is used to sign certificates issued by that authority. A CA certificate
can in turn be signed by the CA certificate of a parent CA and so on up to a
root CA.
certificate fingerprint
A unique number associated with a certificate. The number is not part of
the certificate itself but is produced by applying a mathematical function to
the contents of the certificate. If the contents of the certificate change,
even by a single character, the function produces a different number.
Certificate fingerprints can therefore be used to verify that certificates
have not been tampered with.
Certificate
Manager
The part of the browser that allows you to view and manage
certificates. To view the main Certificate Manager window: Open the
&brandShortName;Edit
menu, choose Preferences, click Privacy and Security, and then click Manage
Certificates.
certificate renewal
The process of
renewing a certificate that is about to
expire.
certificate verification
When
Certificate Manager verifies a
certificate, it confirms that the digital signature was created by a CA whose
own CA certificate is both on file with Certificate Manager and marked as
trusted for issuing that kind of certificate. It also confirms that the
certificate being verified has not itself been marked as untrusted. Finally,
if the OCSP (Online Certificate Status Protocol) has been
activated, Certificate Manager also performs an online check. It does so by
looking up the certificate in a list of valid certificates maintained at a
URL that is specified either in the certificate itself or
in the browser's Validation preferences. If any of these checks fail,
Certificate Manager marks the certificate as unverified and won't
recognize the identity it certifies.
Software (such as browser software) that sends
requests to and receives information from a server,
which is usually running on a different computer. A computer on which client
software runs is also described as a client.
A certificate
that a client (such as browser software) presents to a
server to authenticate the identity of the client
(or the identity of the person using the client) using the
SSL (Secure Sockets Layer) protocol. See
also client authentication.
Component Bar
The toolbar located at the bottom
left of any &brandShortName; window. The Component Bar allows you to switch
between &brandShortName; components by clicking icons for Browser,
Mail & Newsgroups, Composer, and so on.
cookie
A small bit of information stored on your
computer by some websites. When you visit such a
website, the website asks your browser to place one or more cookies on your
hard disk. Later, when you return to the website, your browser sends the
website the cookies that belong to it. Cookies help websites keep track of
information about you, such as the contents of your shopping cart. You can set
your cookie preferences to control how cookies are used and how much
information you are willing to let websites store on them. See also
third-party cookie.
Cookie Manager
The part of the browser
that you can use to control cookies.
A list of revoked
certificates that is generated and signed by a
certificate authority (CA). You can
download the latest CRL to your browser or to a server, then check against it
to make sure that certificates are still valid before permitting their use
for authentication.
cryptographic algorithm
A set of
rules or directions used to perform cryptographic operations such as
encryption and
decryption. Sometimes called a
cipher.
cryptography
The art and practice of scrambling
(encrypting) and unscrambling (decrypting) information. For example,
cryptographic techniques are used to scramble an unscramble information
flowing between commercial websites and your browser. See also
public-key cryptography.
decryption
The process of unscrambling data that
has been encrypted. See also encryption.
A code created from both
the data to be signed and the private key of the signer. This code is unique
for each new piece of data. Even a single comma added to a message changes
the digital signature for that message. Successful validation of your digital
signature by appropriate software not only provides evidence that you
approved the transaction or message, but also provides evidence that the data
has not changed since you digitally signed it. A digital signature has
nothing to do with a handwritten signature, although it can sometimes be used
for similar legal purposes. See also
nonrepudiation,
tamper detection.
distinguished name (DN)
A specially
formatted name that uniquely identifies the subject of a
certificate.
Do Not Track
A mechanism that allows users
to inform websites that they do not want to be
tracked by third-party websites and
web applications. A user' tracking
preferences is included in the HTTP header and sent
to the website. &brandShortName; supports sending Do Not Track
requests, but websites are not obligated to honor those.
dual key pairs
Two public-private key
pairs—four keys altogether—corresponding to two separate
certificates. The private key of one pair is used for signing operations, and
the public and private keys of the other pair are used for encryption and
decryption operations. Each pair corresponds to a separate
certificate. See also
public-key cryptography.
eavesdropping
Surreptitious interception of
information sent over a network by an entity for which the information is not
intended.
encrypted password
Used for
password-based authentication
to achieve secure authentication.
The user's password is encrypted before it is sent to the server
(e.g., by methods like CRAM-MD5) to prevent that
anyone eavesdropping on the connection from seeing it in clear text. This
mechanism is frequently used when no secure
connection method is available.
encryption
The process of scrambling information in
a way that disguises its meaning. For example, encrypted connections between
computers make it very difficult for third-parties to unscramble, or
decrypt, information flowing over the connection. Encrypted
information can be decrypted only by someone who possesses the appropriate
key. See also public-key
cryptography.
A private key used for
encryption only. An encryption key and its equivalent private key, plus a
signing key and its equivalent public key,
constitute a dual key pairs.
extension
A type of add-on
that changes the behavior of &brandShortName; or adds new features to
it.
feed
A frequently updated source of references to web
pages, usually blog articles or news. Technically it is an XML document
available through a public well-known URL, comprising of several items inside,
each one containing some metadata (possibly including a summary) and an URL
to the full blog or news article. The XML document is regenerated at fixed
intervals, or whenever a new article is published to the website. Web
applications can subscribe to the URL serving the feed and present the new
articles as they are updated in the underlying XML document. There are
specific XML formats for feeds, most common of which are
RSS and Atom.
A method of
user tracking by which a user is identified
based on browser characteristics like browser and operating system versions,
stated language preferences, or plugins installed.
FIPS PUBS 140-1
Federal Information Processing
Standards Publications (FIPS PUBS) 140-1 is a US government standard for
implementations of cryptographic modules—that is, hardware or software
that encrypts and decrypts data or performs other cryptographic operations
(such as creating or verifying digital signatures). Many products sold to the
US government must comply with one or more of the FIPS standards.
Any application that is
used to open or view a file downloaded by the browser. A
plugin is a special kind of helper application that
installs itself into the Plugins directory of the main browser installation
directory and can typically be opened within the browser itself (internally).
Microsoft Word, Adobe Photoshop, and other external applications are
considered helper applications but not plugins, since they don't
install themselves into the browser directory, but can be opened from the
download dialog box.
home page
The page your browser is set to display
every time you launch it or when you click the Home button. Also used to
refer to the main page for a website, from which you can explore the rest of
the website.
HTML (HyperText Markup Language)
The document format used
for web pages. The HTML standard defines tags, or codes, used to define the
text layout, fonts, style, images, and other elements that make up a web
page.
The secure
version of the HTTP protocol that uses SSL to ensure the
privacy of customer data (such as credit card information) while en route
over the Internet.
IMAP (Internet Message Access Protocol)
A standard mail
server protocol that allows you to store all your messages and any changes to
them on the server rather than on your computer's hard disk. Using IMAP
rather than POP saves disk space and allows you to access
your entire mailbox, including sent mail, drafts, and custom folders, from
any location. Using an IMAP server over a modem is generally faster than
using a POP mail server, since you initially download message headers only.
Not all ISPs support IMAP.
implicit consent
Also known as implied or
opt-out consent. Used to describe privacy settings that may allow
websites to gather information about you (for example by means of
cookies and online forms) unless you explicitly choose
to withhold your consent by selecting an option on a page that the website
provides for that purpose. Your consent may not be requested when the
information is actually gathered. See also user
tracking.
Internet
A worldwide network of millions of computers
that communicate with each other using standard protocols such as
TCP/IP. Originally developed for the US military in
1969, the Internet grew to include educational and research institutions and,
in the late 1990s, millions of businesses, organizations, and individuals.
Today the Internet is used for email, browsing the
World Wide Web (WWW), instant messaging,
usegroups, and many other purposes.
IP address (Internet protocol address)
The address
of a computer on a TCP/IP network. Every computer on
the Internet has an IP address.
Clients have either a permanent IP address or one that
is dynamically assigned to them each time they connect with the network. IP
addresses are written as four sets of numbers, like this: 204.171.64.2.
IRC (Internet Relay Chat)
A protocol used to chat with
other people in real-time using an IRC client.
ISP (Internet Service Provider)
A company/institution
that provides Internet connections.
Java
A programming language developed by Sun
Microsystems. A single Java program can run on many different kinds of
computers, thus avoiding the need for programmers to create a separate
version of each program for each kind of computer. Your browser can
automatically download and run Java programs (also called applets).
JavaScript
A scripting language commonly used to
construct web pages. Programmers use JavaScript to
make web pages more interactive; for example, to display forms and buttons.
JavaScript can be used with Java, but is technically a
separate language. Java is not required for JavaScript to work
correctly.
key
A large number used by a
cryptographic algorithm to encrypt or
decrypt data. A person's public key, for example, allows other people to
encrypt messages to that person. The encrypted messages must be decrypted
with the corresponding private key. See also
public-key cryptography.
Kerberos
A mechanism to use single-signon,
smart cards, or other custom methods to
authenticate access without using
passwords for each individual
service. Used mostly in large enterprise/institutional networks where
authentication is provided by centralized services like
LDAP.
language pack
A type of
add-on that adds a new language to the user interface
of &brandShortName;.
LaTeX
A word processor and document markup language to
typeset documents, widely used in academia. In particular, it provides a
compact plain text syntax to write complex mathematical formulas.
LDAP (Lightweight Directory Access Protocol)
A standard
protocol for accessing directory services, such as corporate address books,
across multiple platforms. You can set up your browser to access LDAP
directories from the Address Book. You can also set up Mail & Newsgroups
to use an LDAP directory for email address autocompletion.
Location Bar
The field (and associated buttons)
near the top of a browser window where you can type a
URL or search terms.
Malware
Short for Malicious
Software and a general term for a variety of software designed
to disrupt computer operation, gather sensitive information, or gain access
to your computer. They can be distributed by infected web
pages or as attachments to email messages. Examples include viruses,
worms, trojans, spyware, or adware. Malware may redistribute itself by
sending out email messages to infect other computers.
master key
A symmetric key used by
Certificate Manager to encrypt
information. For example, Password Manager
uses Certificate Manager and your master key to encrypt email passwords,
website passwords, and other stored sensitive information. See also
symmetric encryption.
master password
A password used by
Certificate Manager to protect the master key and/or private keys stored on a
security device. Certificate Manager needs to
access your private keys, for example, when you sign email messages or use
one of your own certificates to identify yourself to a website. It needs to
access your master key when Password Manager or Form Manager reads or adds to
your personal information. You can set or change your master password from
the Master Passwords preferences panel. Each security device requires a
separate master password. See also private key,
master key.
MathML (Mathematical Markup Language)
The markup
language used to write mathematical notations in
web pages.
Menu Bar
The toolbar at the top
of the screennear the top of any &brandShortName;
window that includes the File, Edit, and View menus.
misrepresentation
Presentation of an entity
as a person or organization that it is not. For example, a website might
pretend to be a furniture store when it is really just a website that takes
credit card payments but never sends any goods. See also
spoofing.
Navigation Toolbar
The toolbar near the top
of the browser window that includes the Back and Forward buttons.
nonrepudiation
The inability, of the sender of
a message, to deny having sent the message. A regular hand-written signature
provides one form of nonrepudiation. A
digital signature provides another.
notification bar
A bar that appears at the
top of the content area to inform you about something that needs your
attention, e.g. when the Password Manager can save a password for you, a
popup has been blocked or an additional plugin is required.
NTLM (NT LAN Manager)
A protocol for
authentication in local networks that is
proprietary to Microsoft Windows. Used mostly in enterprise/institutional
networks.
object signing
A technology that allows
software developers to sign Java code, JavaScript scripts, or any kind of
file, and that allows users to identify the signers and control access by
signed code to local system resources.
object-signing certificate
A
certificate whose corresponding private key is used to sign objects such as
code files. See also object signing.
OCSP (Online Certificate Status Protocol)
A set of rules
that Certificate Manager follows to
perform an online check of a certificate's validity each time the
certificate is used. This process involves checking the certificate against a
list of valid certificates maintained at a specified website. Your computer
must be online for OCSP to work.
OPML (Outline Processor Markup Language)
An XML format
used to list feed collections. Although broader in its
specification, it is mainly used nowadays to export and import feed
collections between different feed aggregators or readers, like
&brandShortName;.
password-based
authentication
Confident identification by means of a name and
password. See also authentication.
Password Manager
The part of the
browser that can help you remember some or all of your names and passwords by
storing them on your computer's hard disk, and entering them for you
automatically when you visit such websites.
Personal Toolbar
The customizable toolbar
that appears just below the location bar by default in the browser. It
contains standard buttons such as Home, Bookmarks, and so on that you can add
or remove. You can also add buttons for your favorite bookmarks, or folders
containing groups of bookmarks.
Phishing
Phishing is a fraudulent business scheme in
which a party creates counterfeit websites, hijacking brand names of banks,
e-retailers and credit card companies, trying to collect victims'
personal information.
PKCS #11
The public-key cryptography standard that
governs security devices such as smart cards. See also
security device, smart
card.
PKCS #11 module
A program on your computer
that manages cryptographic services such as encryption and decryption using
the PKCS #11 standard. Also called cryptographic modules,
cryptographic service providers, or security modules,
PKCS #11 modules control either hardware or software devices. A PKCS #11
module always controls one or more slots, which may be implemented as some
form of physical reader (for example, for reading smart cards) or in
software. Each slot for a PKCS #11 module can in turn contain a
security device (also called token),
which is the hardware or software device that provides cryptographic services
and stores certificates and keys. Certificate
Manager provides two built-in PKCS #11 modules. You may install
additional modules on your computer to control smart card readers or other
hardware devices.
PKI (public-key infrastructure)
The standards and services
that facilitate the use of public-key cryptography and certificates in a
networked environment.
plugin
A type of
helper application that adds new
capabilities to your browser, such as the ability to play audio or video
clips. Unlike other kinds of helper applications, a plugin application
installs itself into the Plugins directory within the main browser
installation directory and typically can be opened within the browser itself
(internally). For example, an audio plugin lets you listen to audio files on
a web page or in an email message. Macromedia Flash
Player and Java are both examples of plugin applications.
POP (Post Office Protocol)
A standard mail server protocol
that requires you to download new messages to your local
computer—although you can choose to leave copies on the server. With
POP, you can store all your messages, including sent mail, drafts, and custom
folders, on one computer only. By contrast,
IMAP allows you to permanently store all your messages
and any changes to them on the server, where you can access them from any
computer. Most ISPs currently support POP.
private browsing
Browsing in a session in
which no private data (like browsing history, cookies,
and cached content) are retained beyond the duration of
the private session. Private browsing should not be confused with anonymous
browsing and does not prevent user tracking or
monitoring of web activity by an internet provider or employer.
private key
One of a pair of
keys used in public-key cryptography. The private key is
kept secret and is used to decrypt data that has been encrypted with the
corresponding public key.
proxy
An intermediary or go-between program that
acts as both a server and a
client for the purpose of making requests on behalf of
other clients.
public key
One of a pair of keys used in public-key cryptography.
The public key is distributed freely and published as part of a
certificate. It is typically used to encrypt data
sent to the public key's owner, who then decrypts the data with the
corresponding private key.
public-key cryptography
A set of
well-established techniques and standards that allow an entity (such as a
person, an organization, or hardware such as a router) to verify its identity
electronically or to sign and encrypt electronic data. Two keys are involved:
a public key and a private
key. The public key is published as part of a
certificate, which associates that key with a
particular identity. The corresponding private key is kept secret. Data
encrypted with the public key can be decrypted only with the private key.
Protection against common threats
from Malware and Phishing by
checking each web page against a list of reported
websites. If the web page you are about to visit has been reported as
containing malicious content, &brandShortName; prevents it from loading
and shows a warning instead.
search engine
A web-based program that allows
users to search for and retrieve specific information from the
World Wide Web (WWW). The search engine may
search the full text of web documents or a list of keywords, or use
librarians who review web documents and index them manually for retrieval.
Typically, the user types a word or phrase, also called a query, into a
search box, and the search engine displays links to relevant web pages.
A connection using
SSL or TLS. All communication between
your computer and the server is encrypted so that
no third party eavesdropping on your connection can read it. Note that the
data is only encrypted during transmission between your client application
and the server, after that it is no longer encrypted. To prove its
authenticity to the client, the server needs to identify itself using a
certificate. A bad certificate can indicate
an attack on the server or the connection, thus it is important to heed
certificate warnings.
Hardware or software that
provides cryptographic services such as encryption and decryption and can
store certificates and keys. A smart card is one
example of a security device implemented in hardware.
Certificate Manager contains its own
built-in security device, called the
software security device, that is
always available while the browser is running. Each security device is
protected by its own master password.
Software (such as software that serves up web
pages) that receives requests from and sends information to a
client, which is usually running on a different
computer. A computer on which server software runs is also described as a
server.
A certificate whose
corresponding private key is used to sign
transmitted data, so that the receiver can verify the identity of the sender.
Certificate authorities (CAs) often issue a signing certificate that will be
used to sign email messages at the same time as an
encryption certificate that will be
used to encrypt email messages. See also dual key
pairs, digital signature.
signing key
A private key used for signing only.
A signing key and its equivalent public key, together with an
encryption key and its equivalent private key,
constitute dual key pairs.
slot
A piece of hardware, or its equivalent in software,
that is controlled by a PKCS #11 module and
designed to contain a security device.
smart card
A small device, typically about the size
of a credit card, that contains a microprocessor and is capable of storing
cryptographic information (such as keys and certificates) and performing
cryptographic operations. Smart cards use the PKCS #11
standard. A smart card is one kind of security
device.
SMTP (Simple Mail Transfer Protocol)
A protocol that
sends email messages across the Internet.
SOCKS
A protocol that a proxy
server can use to accept requests from client users in an internal network
so that it can forward them across the Internet.
software security device
The default
security device used by
Certificate Manager to store private keys
associated with your certificates. In addition to private keys, the software
security device stores the master key used by
Password Manager to encrypt email passwords,
website passwords, and other sensitive information. See also
private key and master
key.
spoofing
Pretending to be someone else. For example,
a person can pretend to have the email address jdoe@mozilla.com, or
a computer can identify itself as a website called www.mozilla.com
when it is not. Spoofing is one form of
misrepresentation.
SSL (Secure Sockets Layer)
A protocol that allows mutual
authentication between a client and a
server for the purpose of establishing an authenticated
and encrypted connection. SSL runs above TCP/IP and
below HTTP, LDAP,
IMAP, NNTP, and other high-level network protocols.
The new Internet Engineering Task Force (IETF) standard called Transport
Layer Security (TLS) is based on SSL. See also
authentication,
encryption.
STARTTLS
An extension to common standard TCP
protocols (like SMTP, POP or IMAP) so the client can tell the server to
use TLS on the same TCP port as for non-secure
connections.
Status Bar
The toolbar that appears at the bottom
of any &brandShortName; window. It includes the
Component Bar on the left and status icons on
the right.
subject
The entity (such as a person, organization,
or router) identified by a certificate. In
particular, the subject field of a certificate contains the certified
entity's subject name and other
characteristics.
An encryption method
that uses a single cryptographic key to both encrypt and decrypt a given
message.
tamper detection
A mechanism ensuring that
data received in electronic form has not been tampered with; that is, that
the data received corresponds entirely with the original version of the same
data.
TCP/IP (Transmission Control Protocol/Internet
Protocol)
A Unix protocol used to connect computers running a variety
of operating systems. TCP/IP is an essential Internet protocol and has become
a global standard.
theme
A type of add-on that changes
the appearance of &brandShortName;.
third-party cookie
A
cookie from one website that
gets stored on your computer when you visit a different website. Sometimes a
website displays content that is hosted on another website. That content can
be anything from an image to text or an advertisement. The second website
that hosts such elements also has the ability to store a cookie in your
browser, even though you don't visit it directly. Also known as
foreign cookie.
TLS
Transport Layer Security (TLS) is the new Internet
Engineering Task Force (IETF) standard based on SSL (Secure Sockets Layer).
See also SSL and
encryption.
A small box with text that appears when
you hover your mouse's cursor over certain items. It usually contains
information regarding the item being hovered over.
trust
Confident reliance on a person or other entity. In
the context of PKI (public-key infrastructure), trust
usually refers to the relationship between the user of a certificate and the
certificate authority (CA) that issued
the certificate. If you use Certificate Manager to specify that you trust a
CA, Certificate Manager trusts valid certificates issued by that CA unless
you specify otherwise in the settings for individual certificates. You use
the Authorities tab in Certificate Manager to specify the kinds of
certificates you do or don't trust specific CAs to issue.
URL (Uniform Resource Locator)
The standardized address
that tells your browser how to locate a file or other resource on the Web.
For example: http://www.mozilla.org. You can type URLs into the
browser's Location Bar to access
web pages. URLs are also used in the links on web
pages that you can click to go to other web pages. Also known as an Internet
address or Web address.
user tracking
Methods that some
websites, including advertisers and analytics services,
employ to determine patterns in how you browse the web (e.g., what websites
you have visited, which preferences you have voiced using buttons embedded by
social networks, and your purchase history). This information is mostly used
to show you specifically targeted offers or advertisements for products or
services. Mechanisms for user tracking include cookies
and browser fingerprinting. See also
Do Not Track.
web application
An application that is not
running on your computer but remotely on a website.
Examples include web-mail systems or web-based systems where you enter
information into a form and receive a response as a web
page. An offline web application can work without a current
connection to the Internet by saving the relevant
pages locally before running the application.
web page
A single document on the World Wide Web that
is specified by a unique address or URL and that may
contain text, hyperlinks, and graphics.
website
A group of related web pages linked by
hyperlinks and managed by a single company, organization, or individual. A
website may include text, graphics, audio and video files, and links to
other websites.
World Wide Web (WWW)
Also known as the Web. A
portion of the Internet that is made up of web pages
stored by web servers and displayed by
clients called web browsers (such as
&brandShortName;).
WPAD (Web Proxy AutoDiscovery)
A proposed Internet
protocol that allows a Web browser to automatically locate and interface
with proxy services in a network.
XML (Extensible Markup Language)
An open standard for
describing data. Unlike HTML, XML allows the developer of
a web page to define special tags. For more information, see the online W3C
document
Extensible Markup Language (XML).
XSLT (Extensible Stylesheet Language Transformation)
A
language used to convert an XML document into another XML document or into
some other format.
XUL (XML User Interface Language)
An XML markup language
for creating user interfaces in applications.