Cryptography

Besides the options you can manage as a user in the Settings dialogs, LibreWolf also comes with some improvements under the hood compared to Firefox. For example, the browser disables SHA-1 certificates because the underlying algorithm has known security vulnerabilities. By default, LibreWolf also uses HTTPS-only mode, so that strong transport encryption is always enabled when calling up web pages.

Additionally, the software integrates protection against homographic attacks, where attackers use similar-looking characters in domain names to lure users to fake websites. The browser blocks content that uses a certificate and fails digital signature validation with an OCSP responder. However, this setting can be modified in the LibreWolf category of the Settings dialog [3].

Features

Where possible, the developers have removed distracting elements from the browsing experience. For example, LibreWolf disables annoying automatic playback of multimedia content provided on numerous websites by default. LibreWolf also relentlessly blocks sponsored content and VPN ads from Mozilla. In addition, you are protected against pop-up windows and what can often be annoying suggestions and advertisements when you enter search keys in the address bar. This means that you can focus on the actual content.

The LibreWolf project explicitly advises against using the software instead of the Tor Browser in the context of the Tor network. Although both web browsers are based on Mozilla Firefox, the Tor Browser has some settings explicitly adapted to the Tor network. The different configuration of LibreWolf, in conjunction with the Tor network, can open security holes that allow attackers to remove the anonymity of the respective user and spy on their browsing behavior.

Conclusions

LibreWolf removes a lot of tedious configuration work for users who value security and privacy. The browser already enables most of the security options in the default settings, whereas you have to enable them manually in Firefox in various settings dialogs. The developers have also completely removed other options in LibreWolf from the outset, such as telemetry settings, which security-conscious users must first disable in Firefox. Users won't miss out on new features, because the browser follows Mozilla in terms of updates, and extensions are fully compatible. All told, LibreWolf is a far better choice for security-conscious friends of the Mozilla browser.