Firefox not so safe?

[empty]

Hey. im an avid firefox user and i would never consider changing it however i was shocked to find that when i was browsing a site that it tried to get me to download sbc_netscape.xpi . its weird that the spam companies have already started to alter their ways to affect firefox users as well. sorry if this is random it was just the first time ive encountered this.

[dreamthief]

sbc_netscape.xpi huh? It's not surprising since Firefox is getting the highlights since CERN's recommendations.

I'm using firefox myself. Never did see eye to eye with the developers' decision to implement XPI. It's just quite similar to ActiveX just not that popular.

Let's just see how the fully implemented XPI management in Firefox 1.0 goes. If not, we would just see Firefox as vulnerable as IE.

[empty]

sbc_netscape.xpi huh? It's not surprising since Firefox is getting the highlights since CERN's recommendations.

I'm using firefox myself. Never did see eye to eye with the developers' decision to implement XPI. It's just quite similar to ActiveX just not that popular.

Let's just see how the fully implemented XPI management in Firefox 1.0 goes. If not, we would just see Firefox as vulnerable as IE.

thats thats what ive began to realise. personally i dont use firefox because it does away with activex, i just love tabs and find it a lot faster.

[GNRambo]

uh oh here come the firefox fan boys come!! the ground is shakin!!! ahhh stampede /me jumps in bush

[Michael1406]

In my opinion Firefox should have the ability to disable and enable things like ActiveX and XPI at will. It would make things a lot easier for everyone. And if disabled as default, security for beginners to Firefox would be high without them worrying. :)

[dreamthief]

In my opinion Firefox should have the ability to disable and enable things like ActiveX and XPI at will. It would make things a lot easier for everyone. And if disabled as default, security for beginners to Firefox would be high without them worrying. :)

Yes they do have it. It's in the development stages, you can see the changes in the nightly builds.

[Pink Floyd Veteran]

hey buddy, did you ever noticed that FireFox ASKED you to install this .xpi?

can't say the same with ie based browser that sometimes install it w/o asking you

and also btw, on recent nightly, nothing can be installed unless you set the site into the trusted site :)

THAT'S security

cheers

[empty]

hey buddy, did you ever noticed that FireFox ASKED you to install this .xpi?

can't say the same with ie based browser that sometimes install it w/o asking you

and also btw, on recent nightly, nothing can be installed unless you set the site into the trusted site :)

THAT'S security

cheers

hey dont get all fanboy with me, ive been on this site before i had firefox and the site asked me if i wanted to install activex controls, there is no difference between the two browsers except that i got more information about what i was abeing asked to install in IE.

[Ivand]

but at least you was being asked :rolleyes:

[Pink Floyd Veteran]

sorry empty, I didnt want you to feel you mad

however, if you like FF, you should get lastest built.. it's very secure

[empty]

yeah i intend to. however i think that there should be more info on any xpi that wants to install so that i know who makes it etc.

[beanboy89]

Can't you disable Firefox form installing softwere?

Tools > Options > Advanced > Software Update > Allow web sites to install software

[IceDogg]

That's what I was thinking about too.

[Marshalus Veteran]

* Moved to Mozilla forum

[Maxious]

yes its netscape spyware... THAT SPYS ON INTERNET EXPLORER BROWSING (no joke!)

and im pretty sure this was fixed for 0.9 (xpi installation request on load)

known about it for ages tho.

edit: yep fixed for 0.9 - http://bugzilla.mozilla.org/show_bug.cgi?id=238684

[AcdShdw]

xpi was a stupid idea, now its everywhere

[+virtorio MVC]

I still feel there are going to be some major security problems with XPI in the future, especially when people who don't know any better will happily click "Yes" to anything.

[kitteny_berk]

IMHO firefox has been a little glorified, it's by no means a more secure/safer browser than IE.

in reality it's more likely that all of the holes in FF haven't been found/exploited yet, but then, being open source, it'll get sorted/patched far faster.

[bangbang023 Veteran]

hey buddy, did you ever noticed that FireFox ASKED you to install this .xpi?

can't say the same with ie based browser that sometimes install it w/o asking you

same with IE 6 sp2. You have to verify all installs.

[Fotix]

This issue was somewhat fixed before 0.9 came out. And 1.0 will bring a whitelist where the only XPIs that can be installed are from update.mozilla.org or other Mozilla Foundation approved sites and that's it unless you manually edit the list to add other sites.

So scumware peddling douchebags can give up by time the end of the year rolls around. Or whenever it is that most people are using the whitelisted version.

[BlinkCarRacer]

Hey this is a little offtopic but to do with Firefox/Mozilla nonetheless. Can someone PM me and tell me how to make "Open in New Tab" the default over "Open in New Window"?

[empty]

Hey this is a little offtopic but to do with Firefox/Mozilla nonetheless. Can someone PM me and tell me how to make "Open in New Tab" the default over "Open in New Window"?

https://www.neowin.net/forum/index.php?showtopic=195924

two threads down ;)

[elliot]

IMO XPI install's should be disabled by default and only allow whitelisted sites (update.mozilla.org) to even ask you if you want to install the software. The average user will never need an extension from anywhere but this site.

[gflores]

I agree with ^ post.

I think XPI installations are very safe, and it's cool that they have a few seconds delay. Also, I believe they have removed XPI install when a website loads.

[boomn]

IMO XPI install's should be disabled by default and only allow whitelisted sites (update.mozilla.org) to even ask you if you want to install the software. The average user will never need an extension from anywhere but this site.

Uh, isn't that exactly what the above posts are saying will happen?