[K12OSN] Firefox security problems to be aware of
Stephen Smoogen
smoogen at lanl.gov
Mon Aug 2 20:21:18 UTC 2004
Just a heads up from someone reading other lists. There are a couple of
problems with firefox dealing with being spoofed by .xul webpages and
some other SSL issues (havent had time to see if they are connected.)
The .xul issue is that firefox will render .xul in a way that can
completely fakeout your browsers look and feel (ie trojan your desktop).
Thunderbird may also be affected in parts. I am not sure of the
complete implications but I can see new avenues for porn/spam and
definately loss of privacy.
At the moment, I havent seen much on the 'what to do' other than make
.xul a prohibited item in your squid proxy. Hopefully the firefox people
will figure out a way to do this safely.
There was also mention that there is a way to make mozilla/firefox to
only allow javascript from trusted sites. At the moment it can only be
done by editing the old prefs.js file.. and they didnt mention what
needed to be changed :).
--
Stephen John Smoogen smoogen at lanl.gov
Los Alamos National Lab CCN-5 Sched 5/40 PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545
-- "We cannot have a free government without elections; and if the
-- rebellion could force us to forgo, or postpone, a national election,
-- it might fairly claim to have already conquered us." Abraham Lincoln
More information about the K12OSN
mailing list