empty Posted July 27, 2004 Share Posted July 27, 2004 Hey. im an avid firefox user and i would never consider changing it however i was shocked to find that when i was browsing a site that it tried to get me to download sbc_netscape.xpi . its weird that the spam companies have already started to alter their ways to affect firefox users as well. sorry if this is random it was just the first time ive encountered this. Link to comment Share on other sites More sharing options...
dreamthief Posted July 27, 2004 Share Posted July 27, 2004 sbc_netscape.xpi huh? It's not surprising since Firefox is getting the highlights since CERN's recommendations. I'm using firefox myself. Never did see eye to eye with the developers' decision to implement XPI. It's just quite similar to ActiveX just not that popular. Let's just see how the fully implemented XPI management in Firefox 1.0 goes. If not, we would just see Firefox as vulnerable as IE. Link to comment Share on other sites More sharing options...
empty Posted July 27, 2004 Author Share Posted July 27, 2004 sbc_netscape.xpi huh? It's not surprising since Firefox is getting the highlights since CERN's recommendations.I'm using firefox myself. Never did see eye to eye with the developers' decision to implement XPI. It's just quite similar to ActiveX just not that popular. Let's just see how the fully implemented XPI management in Firefox 1.0 goes. If not, we would just see Firefox as vulnerable as IE. thats thats what ive began to realise. personally i dont use firefox because it does away with activex, i just love tabs and find it a lot faster. Link to comment Share on other sites More sharing options...
GNRambo Posted July 27, 2004 Share Posted July 27, 2004 uh oh here come the firefox fan boys come!! the ground is shakin!!! ahhh stampede /me jumps in bush Link to comment Share on other sites More sharing options...
Michael1406 Posted July 27, 2004 Share Posted July 27, 2004 In my opinion Firefox should have the ability to disable and enable things like ActiveX and XPI at will. It would make things a lot easier for everyone. And if disabled as default, security for beginners to Firefox would be high without them worrying. :) Link to comment Share on other sites More sharing options...
dreamthief Posted July 27, 2004 Share Posted July 27, 2004 In my opinion Firefox should have the ability to disable and enable things like ActiveX and XPI at will. It would make things a lot easier for everyone. And if disabled as default, security for beginners to Firefox would be high without them worrying. :) Yes they do have it. It's in the development stages, you can see the changes in the nightly builds. Link to comment Share on other sites More sharing options...
Pink Floyd Veteran Posted July 27, 2004 Veteran Share Posted July 27, 2004 hey buddy, did you ever noticed that FireFox ASKED you to install this .xpi? can't say the same with ie based browser that sometimes install it w/o asking you and also btw, on recent nightly, nothing can be installed unless you set the site into the trusted site :) THAT'S security cheers Link to comment Share on other sites More sharing options...
empty Posted July 27, 2004 Author Share Posted July 27, 2004 hey buddy, did you ever noticed that FireFox ASKED you to install this .xpi?can't say the same with ie based browser that sometimes install it w/o asking you and also btw, on recent nightly, nothing can be installed unless you set the site into the trusted site :) THAT'S security cheers hey dont get all fanboy with me, ive been on this site before i had firefox and the site asked me if i wanted to install activex controls, there is no difference between the two browsers except that i got more information about what i was abeing asked to install in IE. Link to comment Share on other sites More sharing options...
Ivand Posted July 27, 2004 Share Posted July 27, 2004 but at least you was being asked :rolleyes: Link to comment Share on other sites More sharing options...
Pink Floyd Veteran Posted July 27, 2004 Veteran Share Posted July 27, 2004 sorry empty, I didnt want you to feel you mad however, if you like FF, you should get lastest built.. it's very secure Link to comment Share on other sites More sharing options...
empty Posted July 27, 2004 Author Share Posted July 27, 2004 yeah i intend to. however i think that there should be more info on any xpi that wants to install so that i know who makes it etc. Link to comment Share on other sites More sharing options...
beanboy89 Posted July 27, 2004 Share Posted July 27, 2004 Can't you disable Firefox form installing softwere? Tools > Options > Advanced > Software Update > Allow web sites to install software Link to comment Share on other sites More sharing options...
IceDogg Posted July 27, 2004 Share Posted July 27, 2004 That's what I was thinking about too. Link to comment Share on other sites More sharing options...
Marshalus Veteran Posted July 28, 2004 Veteran Share Posted July 28, 2004 * Moved to Mozilla forum Link to comment Share on other sites More sharing options...
Maxious Posted July 28, 2004 Share Posted July 28, 2004 yes its netscape spyware... THAT SPYS ON INTERNET EXPLORER BROWSING (no joke!) and im pretty sure this was fixed for 0.9 (xpi installation request on load) known about it for ages tho. edit: yep fixed for 0.9 - http://bugzilla.mozilla.org/show_bug.cgi?id=238684 Link to comment Share on other sites More sharing options...
AcdShdw Posted July 28, 2004 Share Posted July 28, 2004 xpi was a stupid idea, now its everywhere Link to comment Share on other sites More sharing options...
+virtorio MVC Posted July 28, 2004 MVC Share Posted July 28, 2004 I still feel there are going to be some major security problems with XPI in the future, especially when people who don't know any better will happily click "Yes" to anything. Link to comment Share on other sites More sharing options...
kitteny_berk Posted July 28, 2004 Share Posted July 28, 2004 IMHO firefox has been a little glorified, it's by no means a more secure/safer browser than IE. in reality it's more likely that all of the holes in FF haven't been found/exploited yet, but then, being open source, it'll get sorted/patched far faster. Link to comment Share on other sites More sharing options...
bangbang023 Veteran Posted July 28, 2004 Veteran Share Posted July 28, 2004 hey buddy, did you ever noticed that FireFox ASKED you to install this .xpi?can't say the same with ie based browser that sometimes install it w/o asking you same with IE 6 sp2. You have to verify all installs. Link to comment Share on other sites More sharing options...
Fotix Posted July 28, 2004 Share Posted July 28, 2004 This issue was somewhat fixed before 0.9 came out. And 1.0 will bring a whitelist where the only XPIs that can be installed are from update.mozilla.org or other Mozilla Foundation approved sites and that's it unless you manually edit the list to add other sites. So scumware peddling douchebags can give up by time the end of the year rolls around. Or whenever it is that most people are using the whitelisted version. Link to comment Share on other sites More sharing options...
BlinkCarRacer Posted July 28, 2004 Share Posted July 28, 2004 Hey this is a little offtopic but to do with Firefox/Mozilla nonetheless. Can someone PM me and tell me how to make "Open in New Tab" the default over "Open in New Window"? Link to comment Share on other sites More sharing options...
empty Posted July 28, 2004 Author Share Posted July 28, 2004 Hey this is a little offtopic but to do with Firefox/Mozilla nonetheless. Can someone PM me and tell me how to make "Open in New Tab" the default over "Open in New Window"? https://www.neowin.net/forum/index.php?showtopic=195924 two threads down ;) Link to comment Share on other sites More sharing options...
elliot Posted July 28, 2004 Share Posted July 28, 2004 IMO XPI install's should be disabled by default and only allow whitelisted sites (update.mozilla.org) to even ask you if you want to install the software. The average user will never need an extension from anywhere but this site. Link to comment Share on other sites More sharing options...
gflores Posted July 28, 2004 Share Posted July 28, 2004 I agree with ^ post. I think XPI installations are very safe, and it's cool that they have a few seconds delay. Also, I believe they have removed XPI install when a website loads. Link to comment Share on other sites More sharing options...
boomn Posted July 29, 2004 Share Posted July 29, 2004 IMO XPI install's should be disabled by default and only allow whitelisted sites (update.mozilla.org) to even ask you if you want to install the software. The average user will never need an extension from anywhere but this site. Uh, isn't that exactly what the above posts are saying will happen? Link to comment Share on other sites More sharing options...
Recommended Posts