Jump to content


Photo

Query about Firefox


  • Please log in to reply
2 replies to this topic

#1 erebus

erebus

    Non-practising serial killer

  • Full Member
  • Pip
  • 9 posts

Posted 04 July 2004 - 06:23 AM

I was just wondering if anyone knew whether having the box "Allow websites to install software" checked in my Firefox settings was putting me at any risk.

I am using Firefox now after receiving much advice to dispense with IEXPLORE.

Thank you.

#2 Paranoid

Paranoid

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 533 posts

Posted 04 July 2004 - 10:51 AM

I was just wondering if anyone knew whether having the box "Allow websites to install software" checked in my Firefox settings was putting me at any risk.

I am using Firefox now after receiving much advice to dispense with IEXPLORE.

Thank you.

Not really.

First you must understand that Firefox allows you to install extensions whenever you click on a file/link with the extension xpi. Doing so will popup a dialog option box (after a 3 second delay), giving you an option to install it.

You can totally disable installing of extensions by unchecking the box that "Allow websites to install software", but it will mean you can't install any extensions.
This is the equivalent of setting xpinstall.enabled to false btw.

By and large extensions are harmless but some people have found that certain sites try to make you install malware via the xpi extension system. But there are several safeguards against that.


1) You still have to accept before anything is installed.


2) By default there is a 3 second delay (adjustable) before you can accept. This is designed to prevent people from just pressing yes without thinking. Also, if by some chance, websites find an exploit that allow them to install without you accepting , they will still have to flash up the dialog box wait 3 seconds, which gives you some warning that something is amiss. Unlike IE, where the popup is opened and accepted instantly before the user notices.

3) In Firefox 0.8, xpi installation popups could occur automatically, whenever you enter a website (onload), but with 0.9, it will only occur when you explicitly click on it (much like normal popups)

4) In the upcoming 1.0, there will be a blacklist/while list of site which are approved sites to allow extension downloads, this will provide even more protection from dubious sites trying to push extensions.

Still if you are paranoid, turning xpi installations off whenever you don't intend to install extensions is a viable option.

Edited by Paranoid, 06 July 2004 - 11:38 AM.

Please note that the software I recommend above is entirely based on only my own experience and testing. In no way should my comments,opinions and endorsements be construed as an endorsement by the forum, nor do they reflect the advise or recommendations by the experts or helpers at spywareinfo.


#3 erebus

erebus

    Non-practising serial killer

  • Full Member
  • Pip
  • 9 posts

Posted 05 July 2004 - 05:51 AM

Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button