tag:blogger.com,1999:blog-13756280.post115657243021070541..comments2024-02-08T03:44:23.780-08:00Comments on Jeremiah Grossman: I know what you've got (Firefox Extensions)Jeremiah Grossmanhttp://www.blogger.com/profile/05017778127841311186noreply@blogger.comBlogger12125tag:blogger.com,1999:blog-13756280.post-1554584245591973222009-08-17T05:45:16.480-07:002009-08-17T05:45:16.480-07:00its a very very nice blog.its a very very nice blog.icon managerhttp://icontrol.net.au/noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-84872000973636842752009-06-30T15:49:15.584-07:002009-06-30T15:49:15.584-07:00this doesn't work any more. JS Error Console m...this doesn't work any more. JS Error Console marks all references to chrome:// as security risk and is disabled.<br /><br />Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060308 Ubuntu/9.04 (jaunty) Firefox/3.0.11Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-28935099835435963212008-01-23T11:41:00.000-08:002008-01-23T11:41:00.000-08:00I wonder why your code does not detect Greasemonke...I wonder why your code does not detect Greasemonkey although I can access chrome://greasemonkey/content/status_on.gif <BR/><BR/>Which chrome folders are all those images located on Mac OS X and Windows?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-17374389486759209742008-01-23T11:39:00.000-08:002008-01-23T11:39:00.000-08:00To take it even further ...Is there anyway to dete...To take it even further ...<BR/>Is there anyway to detect what Greasemonkey User Scripts are running?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-66024553323956503442007-06-06T04:15:00.000-07:002007-06-06T04:15:00.000-07:00Adblock Plus can help stop scripts from trying to ...Adblock Plus can help stop scripts from trying to detect extensions. See here: http://adblockplus.org/en/faq_internal#protectchromeAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-1160874486872430702006-10-14T18:08:00.000-07:002006-10-14T18:08:00.000-07:00No, just detect, not blockNo, just detect, not blockJeremiah Grossmanhttps://www.blogger.com/profile/05017778127841311186noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-1160726720090336592006-10-13T01:05:00.000-07:002006-10-13T01:05:00.000-07:00what if i wish to block some of these extensions w...what if i wish to block some of these extensions while the user visits my website? is there a way?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-1157815901779407912006-09-09T08:31:00.000-07:002006-09-09T08:31:00.000-07:00Seems it's been there for quite sometime and they ...Seems it's been there for quite sometime and they know about it alright:<BR/><BR/>https://bugzilla.mozilla.org/show_bug.cgi?id=292789Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-1157810322894144082006-09-09T06:58:00.000-07:002006-09-09T06:58:00.000-07:00@Jeremiah who said:"or uninstall the extension"Thi...@Jeremiah who said:<BR/><BR/>"or uninstall the extension"<BR/><BR/>This is no option, because any available extension can be traced, so one has to uninstall all of them.<BR/><BR/>I'm an extension developer myself, and i think a few measures can be made from our side: not implement the images in the extension, at least that would be a tradeoff, it is possible then to detect on other files in in the extension folder i know. The images are only visible in the extension manager mostly, and are not needed in anyway, one can do without them. <BR/><BR/>It is also possible to detect other files in the extension folder which incorporates other data.<BR/><BR/>The thing i am afraid of is that there could be code flaws in some extensions, and in combination with the detection and some good ajax programming could lead to exploits. <BR/><BR/>And really i have no suggestions how to fix and address this issue, i have questioned other Mozilla developers, and awaiting awnsers.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13756280.post-1156882467754603732006-08-29T13:14:00.000-07:002006-08-29T13:14:00.000-07:00Steph, that's a really good question. First I woul...Steph, that's a really good question. First I would say that if someone knows your extensions that its is a privacy issue, not necessarily a security one. And for the moment the violation is not THAT bad. The only way to prevent detection is to either disable JavaScript, yuck, or uninstall the extension, worse. Running for the hills is of course optional.<BR/><BR/>But when you posed the question what ran through my mind was the future research that has yet to be done that RSnake mentioned. Do FF extensions have security issues that we can take advantage of from JavaScript space? The answer is "I don't know", but again we haven't looked. So maybe this could eventually turn into a security issue in the near future. We'll have to wait and see.Jeremiah Grossmanhttps://www.blogger.com/profile/05017778127841311186noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-1156879725765682582006-08-29T12:28:00.000-07:002006-08-29T12:28:00.000-07:00Alright, so you know what extensions we're running...Alright, so you know what extensions we're running. Now what do we do about that? Disable extensions? Stop using Firefox? (I know, run for the hills. ;) ) <BR/><BR/>Seriously, what is the next step for the user to stay safe and protect our privacy until mozilla somehow addresses this?Stephttps://www.blogger.com/profile/01724470369790368866noreply@blogger.comtag:blogger.com,1999:blog-13756280.post-1156877483595946042006-08-29T11:51:00.000-07:002006-08-29T11:51:00.000-07:00Have fun ;)"Adblock Filterset.G Updater" : "chrome...Have fun ;)<BR/>"Adblock Filterset.G Updater" : "chrome://unplug/skin/unplug.png",<BR/>"BBCode" : "chrome://bbcode/skin/bbcode.png",<BR/>"BugMeNot" : "chrome://bugmenot/skin/bugmenot.png",<BR/>"ConQuery" : "chrome://conquery/skin/conquery.png",<BR/>"Download Manager Tweak" : "chrome://downloadmgr/skin/downloadIcon.png",<BR/>"Extended Cookie Manager" : "chrome://xcm/content/allowed.png",<BR/>"FireBug" : "chrome://firebug/content/firebug32.png",<BR/>"FoxyTunes" : "chrome://foxytunes/skin/logo.png",<BR/>"MR Tech Disable XPI Install Delay" : "chrome://disable_xpi_delay/content/icon.png",<BR/>"SessionSaver .2" : "chrome://sessionsaver/content/ss.png",<BR/>"spooFX" : "chrome://spoofx/skin/main/spoofx.png",<BR/>"Statusbar Clock" : "chrome://timestatus/skin/icon.png",<BR/>"Torbutton" : "chrome://torbutton/skin/bigbutton_gr.png",<BR/>"UnPlug" : "chrome://unplug/skin/unplug.png",<BR/>"View Source Chart" : "chrome://vrs/skin/vrssmall.png",<BR/>"XPather" : "chrome://xpather/content/iconka.png",Anonymousnoreply@blogger.com