Welcome to WebmasterWorld Guest from 107.20.20.39

Forum Moderators: incrediBILL

Message Too Old, No Replies

how to tighten up FireFox security

very easy to do - no excuses

   
5:05 am on Aug 1, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There are now a couple of security spoofs out there for FireFox.
Unlike IE there is an easy way to catch them that is not often mentioned.

Simply type in about:config into the address bar.

Then search for and change these settings to TRUE

recommended:
disable_window_open_feature.location
disable_window_open_feature.status
disable_window_open_feature.titlebar
disable_window_status_change

optional:
disable_window_move_resize
disable_window_open_feature.close
disable_window_open_feature.directories
disable_window_open_feature.menubar
disable_window_open_feature.minimizable
disable_window_open_feature.personalbar
disable_window_open_feature.resizable
disable_window_open_feature.scrollbars
disable_window_open_feature.toolbar

8:01 pm on Aug 1, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Okay....

My list as above all start with "dom." as in "dom.disable_window_open_feature.location". Is that normal?

Other than tightening security, is resetting the booleans on these values likely to have other effects?

9:21 pm on Aug 1, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you go to the "Web Features" page of the Options dialog, the "Advanced..." settings for JavaScript will cover about half of those items:

Move or resize existing windows
Raise or lower windows
Hide the status bar
Change status bar text
Change images

9:27 pm on Aug 1, 2004 (gmt 0)

10+ Year Member



Good post amznVibe, any additional information on what these values does and other useful spoofs and tweaks would be greatly appreciated
12:13 am on Aug 2, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Bird, I firmly believe that disabling javascript is to be discouraged. Javascript is downright handy for webmasters. I'm sorry it's being abused but there are ways to limit it's abuse without taking away some of it's more benificial features.
1:02 am on Aug 2, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Great stuff, amznVibe.

I had some of them done... just worked my way through the rest, changing things to "true".

I shouldn't drift off topic, but try typing about:config into the address bar of IE...

Firefox rules, man. I'm looking forward to 1.0

1:12 am on Aug 2, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



My apologies to Bird, just re-read his post and now I realize he is not disabling Javascript, he was pointing out the extra settings under "advanced" which might be a little easier to access.

and I missed some questions, sorry:

I took off "dom" to make it easier to read / search for. Yes, "dom" is how each setting really starts in the "about:config" page.

I didn't really go into what each setting does because I thought it was self-explanitory, but maybe not?

disable_window_status_change
"don't allow scripts to tamper with the window status"

disable_window_open_feature.status
"Prevent the Status bar from being disabled"

disable_window_open_feature.titlebar
"don't allow new windows to be opened without a titlebar"

disable_window_open_feature.location
"don't allow windows to hide the location bar"

If you google these you can find many more options and explanations.

[edited by: amznVibe at 1:30 am (utc) on Aug. 2, 2004]

1:23 am on Aug 2, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks, amznvibe - I wasn't sure about the "dom." thing, though I did think it was probably okay.

Otherwise, I was just wondering if there were "unlisted" results for those. But looks like they're just what they say they are, so fine by me, and thanks!

12:41 pm on Aug 2, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks amznvibe & bird. It works!
2:25 pm on Aug 2, 2004 (gmt 0)

10+ Year Member



Just out of curiousity...

Why? If you using firefox (and likely have dabbled with a handful of other open source programs), and you realize you like the browser, and you realize that your system is a virus waiting to happen why not head over to Gentoo Linux [gentoo.org] (feel free to substitute a Distribution [distrowatch.org] of your choice here), and install it.

Most webmaster types will reply that they need internet explorer or office or dreamweaver and such. I agree wholeheartedly - and whats more these are all compatible with wine (free but necessitates a fair amont of configuration time) and crossover office (its a commercial software that eliminates the time prerequisite). Alternativly there are open sourced counterparts for all save dreamweaver (there is no WYSIWYG equivalent better then mozilla editor which certainly is not the caliber of dreamweavers). Webmasters, particularly those giving mozilla a shot also tend to need apache, mysql, sendmail (or postfix or qmail), and a host of other programs which run (faster or better or best or) only under a unix type platform, but few seem to remeber these when choosing an OS.

I dont know - I dont mean to rant here and it is a noble goal to secure your system, in this case however it seems a bandaid on a bullet hole (and if your reading this thread you atleast suspect it to be a bullet hole). I dont run an antivirus (I wasnt aware one existed until recently), nor a firewall, nor adware removing deamons, nor the slu of other resource hogs I tend to need to run in the office - because I am free. And this morning - freedom feels great.

2:40 pm on Aug 2, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



But it is a rant, and people are not going to stop their daily productivity to install and master linux to get basic tasks done. Linux is not ready for desktop use for the mainstream, period. Makes no difference that it is "technically better".

So rather than convert the world, it's easier to save a few folks with what they have in a few seconds, rather than a few days.

Last but not least it's been proven that Linux does have holes, they are just more obscure and less popular to virus and trojan writters. There is no perfect environment other than being aware and alert to what's going on (and backup, backup, backup).

(counter-rant complete :) )

let's return to Mozilla security fixes (which are for both Windows and Linux btw)