Comments on: Spyware takes aim at Mozilla browsers

As the Firefox browser grows in popularity, some security experts believe it will attract its own type of spyware.

Add a Comment (Log in or register) (7 Comments)

There already is spyware for Firefox...

by hion2000 February 9, 2005 4:52 PM PST

...but it requires social engineering to work.

Unlike Internet Explorer, there aren't any known security vulnerabilities that can cause spyware to be installed on your website simply by viewing a malicious webpage. As such, spyware can only be installed through Firefox using the XPI system.

Firefox automatically blocks any incoming links to an XPI (except for Mozilla's own site) and displays a very visible warning above the page you are viewing. If users really want to run the XPI file, they have to manually unblock the link, and try the link again. Even after that, Firefox will still ask you if you really do wish to install the XPI, and mentions that it could be damaging. In addition, there's a two second delay where the install button is disabled, to make sure that you read the warning message.

As such, spyware can only be installed by social engineering (and even then, should only happen to the more gullible users).

Like this Reply to this comment

Good to hear
by February 10, 2005 6:29 AM PST: Although I wouldnt call it a hole or a flaw. If you were REALLY good at social engineering you could also theoretically get people to send you their IP Address, Username and Passwords for their computer...; Like this

Firefox 1.0 has vulnerability

by February 13, 2005 11:13 AM PST

Please note that there is sadly a weakness with Firefox 1.0 and it should not have been released without this corrected:

- Bookmarks can vanish suddenly - you need a technical experience to back your folders. The bookmarks that are there get jumbled in the folders.

I suffered because of this and lost nearly all the
bookmarks. Sadly there is not any assistance on the forums or ability of novice or technical possibility of getting these.

Like this Reply to this comment

Email client, Thunderbird 1.0 has vulnerabilty also
by February 13, 2005 11:27 AM PST: Also Mozilla Foundation, that produced Firefox also has an email client, Thunderbird, competing with Outlook. This too sadly has a vulnerability.

- Your email messages, even if you delete them, will not get deleted, they are just invisible, this can be a problem later, I have read. You need to click Compact on the menus.

I tried Compacting but there is not a proper system, the Compact process message just does not turn off. There is not any way of telling has the Compacting being done or not.

There is not any help for novices if this happens.; Like this View reply Hide reply
Processing

Sorry to hear 'bout bookmarks
by sanenazok February 14, 2005 10:12 PM PST: To back them up just do a search on your 'puter for bookmarks.htm. You might need to turn on searching for hidden files.

You can also read about backups here:
http://kb.mozillazine.org/Firefox_:_Tips_:_Backup
Or if you want a forum:
http://www.techzonez.com/forums/archive/index.php/t-12005.html; Like this View reply Hide reply
Processing

(7 Comments)

Latest tech news headlines

Ciena buys Nortel's Metro Ethernet business
Posted in Signal Strength by Marguerite Reardon

November 24, 2009 7:47 AM PST
New standard lets browsers get a grip on files
Posted in Deep Tech by Stephen Shankland

November 24, 2009 7:38 AM PST
Nokia trims R&D staff in Japan
Posted in News - Wireless by Lance Whitney

November 24, 2009 7:12 AM PST
See all headlines