Mozilla today removed support for the SHA-1 algorithm from its Firefox browser. Yesterday researchers from the Netherlands and Google reported they successfully performed an attack on the cryptographic SHA-1 algorithm that is used for secure internet banking and signing of documents.
SHA-1 was already under fire and many other large browser developers already started to phase out the algorithm. Mozilla had also started to disable SHA-1 for a gradually growing group of Firefox users, but today decided to disable it for everyone.
With the release of Firefox 52 (scheduled for March), SHA-1 will no longer be supported by default. According to Mozilla the measure affects users who still visit websites that make use of a SHA-1 certificate. However, according to Mozilla's telemetry this would be less than o.1% of all websites.
