[K12OSN] Firefox security problems to be aware of

Stephen Smoogen smoogen at lanl.gov
Mon Aug 2 20:21:18 UTC 2004


Just a heads up from someone reading other lists. There are a couple of 
problems with firefox dealing with being spoofed by .xul webpages and 
some other SSL issues (havent had time to see if they are connected.) 

The .xul issue is that firefox will render .xul in a way that can
completely fakeout your browsers look and feel (ie trojan your desktop).  
Thunderbird may also be affected in parts.  I am not sure of the
complete implications but I can see new avenues for porn/spam and 
definately loss of privacy.

At the moment, I havent seen much on the 'what to do' other than make 
.xul a prohibited item in your squid proxy. Hopefully the firefox people 
will figure out a way to do this safely.

There was also mention that there is a way to make mozilla/firefox to 
only allow javascript from trusted sites. At the moment it can only be 
done by editing the old prefs.js file.. and they didnt mention what 
needed to be changed :).

-- 
Stephen John Smoogen		smoogen at lanl.gov
Los Alamos National Lab  CCN-5 Sched 5/40  PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S  Los Alamos, NM 87545
-- "We cannot have a free government without elections; and if the
-- rebellion could force us to forgo, or postpone, a national election,
-- it might fairly claim to have already conquered us." Abraham Lincoln





More information about the K12OSN mailing list