homepage Welcome to WebmasterWorld Guest from 54.161.214.221
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Browsers / Firefox Browser Usage and Support
Forum Library, Charter, Moderators: incrediBILL

Firefox Browser Usage and Support Forum

    
how to tighten up FireFox security
very easy to do - no excuses
amznVibe




msg:1590603
 5:05 am on Aug 1, 2004 (gmt 0)

There are now a couple of security spoofs out there for FireFox.
Unlike IE there is an easy way to catch them that is not often mentioned.

Simply type in about:config into the address bar.

Then search for and change these settings to TRUE

recommended:
disable_window_open_feature.location
disable_window_open_feature.status
disable_window_open_feature.titlebar
disable_window_status_change

optional:
disable_window_move_resize
disable_window_open_feature.close
disable_window_open_feature.directories
disable_window_open_feature.menubar
disable_window_open_feature.minimizable
disable_window_open_feature.personalbar
disable_window_open_feature.resizable
disable_window_open_feature.scrollbars
disable_window_open_feature.toolbar

 

vkaryl




msg:1590604
 8:01 pm on Aug 1, 2004 (gmt 0)

Okay....

My list as above all start with "dom." as in "dom.disable_window_open_feature.location". Is that normal?

Other than tightening security, is resetting the booleans on these values likely to have other effects?

bird




msg:1590605
 9:21 pm on Aug 1, 2004 (gmt 0)

If you go to the "Web Features" page of the Options dialog, the "Advanced..." settings for JavaScript will cover about half of those items:

Move or resize existing windows
Raise or lower windows
Hide the status bar
Change status bar text
Change images

bufferzone




msg:1590606
 9:27 pm on Aug 1, 2004 (gmt 0)

Good post amznVibe, any additional information on what these values does and other useful spoofs and tweaks would be greatly appreciated

amznVibe




msg:1590607
 12:13 am on Aug 2, 2004 (gmt 0)

Bird, I firmly believe that disabling javascript is to be discouraged. Javascript is downright handy for webmasters. I'm sorry it's being abused but there are ways to limit it's abuse without taking away some of it's more benificial features.

Stefan




msg:1590608
 1:02 am on Aug 2, 2004 (gmt 0)

Great stuff, amznVibe.

I had some of them done... just worked my way through the rest, changing things to "true".

I shouldn't drift off topic, but try typing about:config into the address bar of IE...

Firefox rules, man. I'm looking forward to 1.0

amznVibe




msg:1590609
 1:12 am on Aug 2, 2004 (gmt 0)

My apologies to Bird, just re-read his post and now I realize he is not disabling Javascript, he was pointing out the extra settings under "advanced" which might be a little easier to access.

and I missed some questions, sorry:

I took off "dom" to make it easier to read / search for. Yes, "dom" is how each setting really starts in the "about:config" page.

I didn't really go into what each setting does because I thought it was self-explanitory, but maybe not?

disable_window_status_change
"don't allow scripts to tamper with the window status"

disable_window_open_feature.status
"Prevent the Status bar from being disabled"

disable_window_open_feature.titlebar
"don't allow new windows to be opened without a titlebar"

disable_window_open_feature.location
"don't allow windows to hide the location bar"

If you google these you can find many more options and explanations.

[edited by: amznVibe at 1:30 am (utc) on Aug. 2, 2004]

vkaryl




msg:1590610
 1:23 am on Aug 2, 2004 (gmt 0)

Thanks, amznvibe - I wasn't sure about the "dom." thing, though I did think it was probably okay.

Otherwise, I was just wondering if there were "unlisted" results for those. But looks like they're just what they say they are, so fine by me, and thanks!

Chndru




msg:1590611
 12:41 pm on Aug 2, 2004 (gmt 0)

Thanks amznvibe & bird. It works!

nalin




msg:1590612
 2:25 pm on Aug 2, 2004 (gmt 0)

Just out of curiousity...

Why? If you using firefox (and likely have dabbled with a handful of other open source programs), and you realize you like the browser, and you realize that your system is a virus waiting to happen why not head over to Gentoo Linux [gentoo.org] (feel free to substitute a Distribution [distrowatch.org] of your choice here), and install it.

Most webmaster types will reply that they need internet explorer or office or dreamweaver and such. I agree wholeheartedly - and whats more these are all compatible with wine (free but necessitates a fair amont of configuration time) and crossover office (its a commercial software that eliminates the time prerequisite). Alternativly there are open sourced counterparts for all save dreamweaver (there is no WYSIWYG equivalent better then mozilla editor which certainly is not the caliber of dreamweavers). Webmasters, particularly those giving mozilla a shot also tend to need apache, mysql, sendmail (or postfix or qmail), and a host of other programs which run (faster or better or best or) only under a unix type platform, but few seem to remeber these when choosing an OS.

I dont know - I dont mean to rant here and it is a noble goal to secure your system, in this case however it seems a bandaid on a bullet hole (and if your reading this thread you atleast suspect it to be a bullet hole). I dont run an antivirus (I wasnt aware one existed until recently), nor a firewall, nor adware removing deamons, nor the slu of other resource hogs I tend to need to run in the office - because I am free. And this morning - freedom feels great.

amznVibe




msg:1590613
 2:40 pm on Aug 2, 2004 (gmt 0)

But it is a rant, and people are not going to stop their daily productivity to install and master linux to get basic tasks done. Linux is not ready for desktop use for the mainstream, period. Makes no difference that it is "technically better".

So rather than convert the world, it's easier to save a few folks with what they have in a few seconds, rather than a few days.

Last but not least it's been proven that Linux does have holes, they are just more obscure and less popular to virus and trojan writters. There is no perfect environment other than being aware and alert to what's going on (and backup, backup, backup).

(counter-rant complete :) )

let's return to Mozilla security fixes (which are for both Windows and Linux btw)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Firefox Browser Usage and Support
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved