Since release 24, Firefox supports Transport Layer Security (TLS) 1.2. However, in with standard settings Firefox does not yet enable TLS 1.2 but just uses the old Secure Socket Layer (SSL) 3.0 and TLS 1.0 standard. The SSL 3.0 and TLS 1.0 standards are vulnerable to the so called BEAST attacks.
You can change that behaviour by changing the following settings in the about:config page of Firefox:
security.tls.version.min 0
security.tls.version.max 3
The numbers are codes for the different SSL/TLS versions:
0 - SSL 3.0
1 - TLS 1.0
2 - TLS 1.1
3 - TLS 1.2
Even if the older SSL 3.0 and TLS 1.0 standards are vulnerable, it usually is not useful to disable it as a lot of webservers do not yet support the newer TLS 1.1 or TLS 1.2 standards. It would no longer be possible to connect to such sites if security.tls.version.min would be set to 2 or 3.
