Avast WEBforum
Other => General Topics => Topic started by: polonus on April 30, 2010, 08:01:10 PM
-
Hi malware fighters,
Nice to have, the obtrusive javascript checker also checking all inline events and line them out with info:
https://addons.mozilla.org/en-US/firefox/addon/9505
More info on the three flaws of this checker and what it checks here:
http://www.ajaxwith.com/Obtrusive-JavaScript-Checker.html
Why these events could mean a threat? Malicious Internet users could use the onclick event in combination with another function called "createElement" to create an IFrame, or "inline frame," which is an HTML element that allows external objects to be inserted into another HTML document. Attackers could link the IFrame to a malicious Web page that downloaded a malicious file to the user's computer when the page was clicked on, without generating a warning in the Information bar,
polonus
-
Hi malware fighters,
My NoScript forum friend, dhouwn, alerted me to this extension, given even more info:
https://addons.mozilla.org/en-US/firefox/addon/9640
polonus
-
I wish you could hurry your friends at no-script to complete the Chrome add-on. :)
-
Hi bob3160,
That can be a long time. GoogleChrome does not have that full functionality and blocked the use of certain functionality to extension developers because that would interfere with their main basis of income, which is user tracking to serve you with ads. The GoogleChrome browser could be viewed upon as one big user keylogger,
polonus
-
Hi bob3160,
That can be a long time. GoogleChrome does not have that full functionality and blocked the use of certain functionality to extension developers because that would interfere with their main basis of income, which is user tracking to serve you with ads. The GoogleChrome browser could be viewed upon as one big user keylogger,
polonus
Can't quite agree with you considering that it's considered safer than IE and Firefox. :)
-
Hi bob3160,
That can be a long time. GoogleChrome does not have that full functionality and blocked the use of certain functionality to extension developers because that would interfere with their main basis of income, which is user tracking to serve you with ads. The GoogleChrome browser could be viewed upon as one big user keylogger,
polonus
Can't quite agree with you considering that it's considered safer than IE and Firefox. :)
it is safer than IE, not too difficult but are we talking malware breaking into the browser or common spyware here ??? concerning malware, yeah, according to many converging analysis found in misc articles, it seems rather safe (especially due to its sandboxing abilities)...but the thing is also that whatever extension you add to Chrome, there's no way yet to prevent massive tracking from ad servers when using Chrome, because as has been mentioned above, Google has blocked the API to prevent external devs from implementing real ad blockers or javascript control extensions. DoubleClick won't break your system that's right...but I hate it, even running in the background while pseudo ad blocking extensions are just hiding the ads with so much crap traffic running in the background (run fiddler and see for yourself; then compare to ABP in FF). Same for javascript, Chrome will let you allow all or nothing. And you got to allow something, at least the main site, otherwise links won't work etc...the result is that you are forced to allow everything. Hey ads can be blocked too with NoScript in Firefox, ad servers being javascript happy...and Google doesn't want that either.
Remains the hosts file solution...
This being said one must be careful not to forget that without ads there's no free internet, and no Google either btw...rejecting ads the way we do (and I belong to that "we") can have a boomerang effect >>> web sites with paid access, that's a danger that shouldn't be ignored.
-
is compatible with firefox 3.6?
-
is compatible with firefox 3.6?
What do you mean?
asyn
-
is compatible with firefox 3.6?
What do you mean?
asyn
yeah Llanzel forgot to quote something, he's probably referring to the topic of this thread, the extension to check javascript pages >>> if the extension is old and hasn't been updated, you might get a "not compatible with 3.6 message", in which case you can change that by modifying the rtf file found in the xpi archive. Download it instead of installing it, modify it (the maximum version line), then drag and drop the modified version into the add-ons panel.
-
is compatible with firefox 3.6?
What do you mean?
asyn
yeah Llanzel forgot to quote something, he's probably referring to the topic of this thread, the extension to check javascript pages >>> if the extension is old and hasn't been updated, you might get a "not compatible with 3.6 message", in which case you can change that by modifying the rtf file found in the xpi archive. Download it instead of installing it, modify it (the maximum version line), then drag and drop the modified version into the add-ons panel.
Exactly, thanks Logos