• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
erebus

Query about Firefox

3 posts in this topic

I was just wondering if anyone knew whether having the box "Allow websites to install software" checked in my Firefox settings was putting me at any risk.

 

I am using Firefox now after receiving much advice to dispense with IEXPLORE.

 

Thank you.

Share this post


Link to post
Share on other sites
I was just wondering if anyone knew whether having the box "Allow websites to install software" checked in my Firefox settings was putting me at any risk.

 

I am using Firefox now after receiving much advice to dispense with IEXPLORE.

 

Thank you.

Not really.

 

First you must understand that Firefox allows you to install extensions whenever you click on a file/link with the extension xpi. Doing so will popup a dialog option box (after a 3 second delay), giving you an option to install it.

 

You can totally disable installing of extensions by unchecking the box that "Allow websites to install software", but it will mean you can't install any extensions.

This is the equivalent of setting xpinstall.enabled to false btw.

 

By and large extensions are harmless but some people have found that certain sites try to make you install malware via the xpi extension system. But there are several safeguards against that.

 

 

1) You still have to accept before anything is installed.

 

 

2) By default there is a 3 second delay (adjustable) before you can accept. This is designed to prevent people from just pressing yes without thinking. Also, if by some chance, websites find an exploit that allow them to install without you accepting , they will still have to flash up the dialog box wait 3 seconds, which gives you some warning that something is amiss. Unlike IE, where the popup is opened and accepted instantly before the user notices.

 

3) In Firefox 0.8, xpi installation popups could occur automatically, whenever you enter a website (onload), but with 0.9, it will only occur when you explicitly click on it (much like normal popups)

 

4) In the upcoming 1.0, there will be a blacklist/while list of site which are approved sites to allow extension downloads, this will provide even more protection from dubious sites trying to push extensions.

 

Still if you are paranoid, turning xpi installations off whenever you don't intend to install extensions is a viable option.

Edited by Paranoid

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0