Author Topic: Firefox users targeted by rare piece of malware  (Read 15694 times)

0 Members and 1 Guest are viewing this topic.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Firefox users targeted by rare piece of malware
« Reply #15 on: December 06, 2008, 07:52:51 PM »
Hi FwF,

Like to help you there. Firefox with the NoScript add-on installed and running has NEVER been vulnerable - zero times. In spite of all the patches, all known vulnerabilities did not apply to Firefox + NoScript. That is why I do not understand why a similar concept has never been brought aboard Firefox by default or inside Internet Explorer. Giorgio Maone's extensions has not failed once.
And what the reason is this has not materialized long ago for the users of browsers, I think we never will get the real answers, but it makes you wonder, does not it?

polonus

Because it's a pain in the arse having to allow/disallow scripts on every single website my friend that's why. Also the reason why i avoid NoScript like the devil. I believe i am not the only one that feels that way. ;D

+1

No, you're not.  ;D
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Firefox users targeted by rare piece of malware
« Reply #16 on: December 06, 2008, 07:53:53 PM »
Hi darth_mikey,

Where script and similar malicious active code is the main culprit of disaster, why then cannot they invent something that runs in the background and does a similar good job just only for the malware and riskware code bits and bytes, a bit like ABP, real silently in the background?

I have ABP and aside of the clicks for updates and subscriptions it never annoyed me. We should seek a cross-breed of ABP's Pallant and NoScript's Maone, I think with Request Policy with the baddies blocked you could get quite far,

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

faust

  • Guest
Re: Firefox users targeted by rare piece of malware
« Reply #17 on: December 06, 2008, 10:10:33 PM »
Hi FwF,

Like to help you there. Firefox with the NoScript add-on installed and running has NEVER been vulnerable - zero times. In spite of all the patches, all known vulnerabilities did not apply to Firefox + NoScript. That is why I do not understand why a similar concept has never been brought aboard Firefox by default or inside Internet Explorer. Giorgio Maone's extensions has not failed once.
And what the reason is this has not materialized long ago for the users of browsers, I think we never will get the real answers, but it makes you wonder, does not it?

polonus

Because it's a pain in the arse having to allow/disallow scripts on every single website my friend that's why. Also the reason why i avoid NoScript like the devil. I believe i am not the only one that feels that way. ;D

Yeah, and it's also a pain in the arse to put on a condom with every single person you have sex with.

Life's hard. 

ardvark

  • Guest
Re: Firefox users targeted by rare piece of malware
« Reply #18 on: December 06, 2008, 10:25:18 PM »
Yeah, and it's also a pain in the arse to put on a condom with every single person you have sex with.

Life's hard.

Hi...

That's because the Lord has designed this aspect of life differently. Sexual intercourse is (and was) meant for married couples only. :)

Best Regards...

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Firefox users targeted by rare piece of malware
« Reply #19 on: December 07, 2008, 12:51:43 AM »
Hi ardvark,

To stay on topic, you can do a lot as a user to lockdown your Firefox browser to make it more secure:
Firefox exposes the the filesystem through the file:// URI, the configuration through the about:config URI, and finally it exposes the file system through resource://. Others have experienced similiar problems locking down firefox. Fortunately, the solution to this is a bit of javascript that uses regular expression to block URI types that are unwanted. This should be placed in the browser.js file which can be extracted from firefox's browser.jar archive.

  if (location.match(/^file:/) ||
    location.match(/^\//) ||
    location.match(/^chrome:/) ||
    location.match(/^resource:/) ||
    (!location.match(/^about:blank/) &&
    location.match(/^about:/))) {
    loadURI("about:blank");
    }

The browser.js file goes here: chrome/chromeFiles/content/browser.js

It is also possible to disable other unwanted protocols by adding the following lines to prefs.js

user_pref("network.protocol-handler.external.snews", false);
user_pref("network.protocol-handler.external.news", false);
user_pref("network.protocol-handler.external.irc", false);
user_pref("network.protocol-handler.external.mail", false);
user_pref("network.protocol-handler.external.mailto", false);

In order to completely disable the filepicker I edited the file filepicker.xul and commented out all the lines contained in the dialog tag. This was needed in order to ensure that users could not see the filesystem when picking a helper application or if they tried to run javascript from a website. A good example of this is the attachment button in most webmail applications. With these lines commented out only a blank window will be shown.

Further steps were required to lockdown firefox. The prefs.js, userChrome.css and history.dat files were made read-only and owned by root to prevent users from changing preferences in the event they somehow got access to those files. Making history.dat read-only prevents any history from being saved and ensures that features like URL saving in the URL entry bar are disabled permanently.

Finally, a few tweaks were made to the prefs.js file these are outlined below. Note these only include tweaks that were made directly using about:config other changes were made in the graphical configuration. Typeahead, cache, history, etc... were disabled. The homepage was set, etc...

user_pref("accessibility.typeaheadfind.autostart", false);
user_pref("applications.rlogin", "");
user_pref("applications.rlogin_with_user", "");
user_pref("applications.telnet", "");
user_pref("applications.tmp_dir, "");
user_pref("applications.tn3270", "");
user_pref("browser.cache.disk.enable", false);
user_pref("browser.cache.memory.enable", false);
user_pref("browser.throbber.url", "http://www.uwaterloo.ca");
user_pref("network.cookie.enableForCurrentSessionOnly", true);
user_pref("security.warn_entering_secure", false);
user_pref("security.warn_entering_secure.show_once", false);
user_pref("security.warn_entering_weak", false);
user_pref("security.warn_entering_weak.show_once", false);
user_pref("security.warn_leaving_secure", false);
user_pref("security.warn_leaving_secure.show_once", false);
user_pref("security.warn_submit_insecure", false);
user_pref("security.warn_submit_insecure.show_once", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewing_mixed.show-once", false);
user_pref("update_notifications.enabled", false);
user_pref("browser.urlbar.autocomplete.enabled", false);
user_pref("browser.urlbar.showPopup", false);
user_pref("browser.urlbar.showSearch", false);
user_pref("extensions.kioskreset.inactivity.seconds", 600);

So there is a lot we can do as an educated user to tweak our Fx browser to make it more secure,

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Sesame

  • Guest
Re: Firefox users targeted by rare piece of malware
« Reply #20 on: December 07, 2008, 05:04:53 AM »
It is also possible to disable other unwanted protocols by adding the following lines to prefs.js

user_pref("network.protocol-handler.external.snews", false);
user_pref("network.protocol-handler.external.news", false);
user_pref("network.protocol-handler.external.irc", false);
user_pref("network.protocol-handler.external.mail", false);
user_pref("network.protocol-handler.external.mailto", false);

In order to completely disable the filepicker I edited the file filepicker.xul and commented out all the lines contained in the dialog tag. This was needed in order to ensure that users could not see the filesystem when picking a helper application or if they tried to run javascript from a website. A good example of this is the attachment button in most webmail applications. With these lines commented out only a blank window will be shown.

Further steps were required to lockdown firefox. The prefs.js, userChrome.css and history.dat files were made read-only and owned by root to prevent users from changing preferences in the event they somehow got access to those files. Making history.dat read-only prevents any history from being saved and ensures that features like URL saving in the URL entry bar are disabled permanently.

Finally, a few tweaks were made to the prefs.js file these are outlined below. Note these only include tweaks that were made directly using about:config other changes were made in the graphical configuration. Typeahead, cache, history, etc... were disabled. The homepage was set, etc...

user_pref("accessibility.typeaheadfind.autostart", false);
user_pref("applications.rlogin", "");
user_pref("applications.rlogin_with_user", "");
user_pref("applications.telnet", "");
user_pref("applications.tmp_dir, "");
user_pref("applications.tn3270", "");
user_pref("browser.cache.disk.enable", false);
user_pref("browser.cache.memory.enable", false);
user_pref("browser.throbber.url", "http://www.uwaterloo.ca");
user_pref("network.cookie.enableForCurrentSessionOnly", true);
user_pref("security.warn_entering_secure", false);
user_pref("security.warn_entering_secure.show_once", false);
user_pref("security.warn_entering_weak", false);
user_pref("security.warn_entering_weak.show_once", false);
user_pref("security.warn_leaving_secure", false);
user_pref("security.warn_leaving_secure.show_once", false);
user_pref("security.warn_submit_insecure", false);
user_pref("security.warn_submit_insecure.show_once", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewing_mixed.show-once", false);
user_pref("update_notifications.enabled", false);
user_pref("browser.urlbar.autocomplete.enabled", false);
user_pref("browser.urlbar.showPopup", false);
user_pref("browser.urlbar.showSearch", false);
user_pref("extensions.kioskreset.inactivity.seconds", 600);

So there is a lot we can do as an educated user to tweak our Fx browser to make it more secure,

pol

For less "educated users," there are some addons which do these jobs through more accessible interfaces, too.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Firefox users targeted by rare piece of malware
« Reply #21 on: December 07, 2008, 09:23:25 AM »
ardvark said:

Quote
Hi...

That's because the Lord has designed this aspect of life differently. Sexual intercourse is (and was) meant for married couples only. Smiley

Best Regards...

I have said before ... I say again ... I regret these statements of religion as a response to comments in these forums.  I believe they have no place here ... I believe they may be offensive to those not sharing the religious beliefs of the poster, those not sharing the same religion as the poster or those who believe the the deity of the poster does not exist. 

Very simply ... they add no value to the support of avast users.  If repeated I will ask the moderators for their judgment.     

YoKenny

  • Guest
Re: Firefox users targeted by rare piece of malware
« Reply #22 on: December 07, 2008, 09:34:01 AM »
ardvark said:

Quote
Hi...

That's because the Lord has designed this aspect of life differently. Sexual intercourse is (and was) meant for married couples only. Smiley

Best Regards...

I have said before ... I say again ... I regret these statements of religion as a response to comments in these forums.  I believe they have no place here ... I believe they may be offensive to those not sharing the religious beliefs of the poster, those not sharing the same religion as the poster or those who believe the the deity of the poster does not exist. 

Very simply ... they add no value to the support of avast users.  If repeated I will ask the moderators for their judgment.     
Hear! Hear!

Hard_ROCKER

  • Guest
Re: Firefox users targeted by rare piece of malware
« Reply #23 on: December 07, 2008, 09:35:19 AM »
ardvark said:

Quote
Hi...

That's because the Lord has designed this aspect of life differently. Sexual intercourse is (and was) meant for married couples only. Smiley

Best Regards...

I have said before ... I say again ... I regret these statements of religion as a response to comments in these forums.  I believe they have no place here ... I believe they may be offensive to those not sharing the religious beliefs of the poster, those not sharing the same religion as the poster or those who believe the the deity of the poster does not exist. 

Very simply ... they add no value to the support of avast users.  If repeated I will ask the moderators for their judgment.    

+1

I feel the same as alanrf ...

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Firefox users targeted by rare piece of malware
« Reply #24 on: December 07, 2008, 02:22:28 PM »
advark's comment may not have added anything to this subject however,
faust could also have also chosen a different analogy.  :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Hard_ROCKER

  • Guest
Re: Firefox users targeted by rare piece of malware
« Reply #25 on: December 07, 2008, 03:35:42 PM »
advark's comment may not have added anything to this subject however,
faust could also have also chosen a different analogy.  :)

You are correct as usual my friend ;)
« Last Edit: December 07, 2008, 03:38:33 PM by darth_mikey »