|how to tighten up FireFox security|
very easy to do - no excuses
There are now a couple of security spoofs out there for FireFox.
Unlike IE there is an easy way to catch them that is not often mentioned.
Simply type in about:config into the address bar.
Then search for and change these settings to TRUE
My list as above all start with "dom." as in "dom.disable_window_open_feature.location". Is that normal?
Other than tightening security, is resetting the booleans on these values likely to have other effects?
Move or resize existing windows
Raise or lower windows
Hide the status bar
Change status bar text
Good post amznVibe, any additional information on what these values does and other useful spoofs and tweaks would be greatly appreciated
Great stuff, amznVibe.
I had some of them done... just worked my way through the rest, changing things to "true".
I shouldn't drift off topic, but try typing about:config into the address bar of IE...
Firefox rules, man. I'm looking forward to 1.0
and I missed some questions, sorry:
I took off "dom" to make it easier to read / search for. Yes, "dom" is how each setting really starts in the "about:config" page.
I didn't really go into what each setting does because I thought it was self-explanitory, but maybe not?
"don't allow scripts to tamper with the window status"
"Prevent the Status bar from being disabled"
"don't allow new windows to be opened without a titlebar"
"don't allow windows to hide the location bar"
If you google these you can find many more options and explanations.
[edited by: amznVibe at 1:30 am (utc) on Aug. 2, 2004]
Thanks, amznvibe - I wasn't sure about the "dom." thing, though I did think it was probably okay.
Otherwise, I was just wondering if there were "unlisted" results for those. But looks like they're just what they say they are, so fine by me, and thanks!
Thanks amznvibe & bird. It works!
Just out of curiousity...
Why? If you using firefox (and likely have dabbled with a handful of other open source programs), and you realize you like the browser, and you realize that your system is a virus waiting to happen why not head over to Gentoo Linux [gentoo.org] (feel free to substitute a Distribution [distrowatch.org] of your choice here), and install it.
Most webmaster types will reply that they need internet explorer or office or dreamweaver and such. I agree wholeheartedly - and whats more these are all compatible with wine (free but necessitates a fair amont of configuration time) and crossover office (its a commercial software that eliminates the time prerequisite). Alternativly there are open sourced counterparts for all save dreamweaver (there is no WYSIWYG equivalent better then mozilla editor which certainly is not the caliber of dreamweavers). Webmasters, particularly those giving mozilla a shot also tend to need apache, mysql, sendmail (or postfix or qmail), and a host of other programs which run (faster or better or best or) only under a unix type platform, but few seem to remeber these when choosing an OS.
I dont know - I dont mean to rant here and it is a noble goal to secure your system, in this case however it seems a bandaid on a bullet hole (and if your reading this thread you atleast suspect it to be a bullet hole). I dont run an antivirus (I wasnt aware one existed until recently), nor a firewall, nor adware removing deamons, nor the slu of other resource hogs I tend to need to run in the office - because I am free. And this morning - freedom feels great.
But it is a rant, and people are not going to stop their daily productivity to install and master linux to get basic tasks done. Linux is not ready for desktop use for the mainstream, period. Makes no difference that it is "technically better".
So rather than convert the world, it's easier to save a few folks with what they have in a few seconds, rather than a few days.
Last but not least it's been proven that Linux does have holes, they are just more obscure and less popular to virus and trojan writters. There is no perfect environment other than being aware and alert to what's going on (and backup, backup, backup).
(counter-rant complete :) )
let's return to Mozilla security fixes (which are for both Windows and Linux btw)