Firefox 3 Alpha Blocks Malware, Secures Plug-in Updates

转载 2007年09月26日 10:41:00

Mozilla Corp. updated the preview of Firefox 3.0 to alpha 8 Thursday, unveiling for the first time to users several security features it's talked up for months.

Among the security provisions debuting in the new alpha of "Gran Paradiso," the code name for Firefox 3.0, are built-in anti-malware warnings and protection against rogue extension updates, according to documentation Mozilla posted to its Web site.

The malware blocker, which was first mocked up in June, will block Web sites thought to contain malicious downloads. The feature, a companion to the phishing site alert system in the current Firefox 2.0, will use information provided by Google Inc. to flag potentially-dangerous sites, warn anyone trying to reach those URLs with Firefox and automatically block access to the site.

Mozilla also pointed to a URL that demonstrates the new malware blocker for alpha 8 users.

Also taking a bow is a check meant to prevent plug-ins' automatic updates from sending users to malicious sites where they might be infected by attack code or drive-by downloads.

Firefox relies on small plug-ins -- called "extensions" in the Mozilla vernacular -- for much of its power and flexibility. Several thousand extensions have been written, the vast bulk of them by outside developers, that do everything from boost browsing speed to block irritating Flash animations. Firefox regularly checks to see if the installed extensions are up to date, and if not, automatically pulls in the newest version and installs it.

"Firefox automatically checks for updates to add-ons using a URL specified in the add-on's install manifest," Mozilla spells out in a developer's document. "Currently there are no requirements placed on these URLs. In particular, [they are not] required to be https. This allows either the update manifest or the update package to be compromised, potentially resulting in the injection of malicious updates. A demonstration of one form of compromise is already public."

Most extensions are hosted on Mozilla's own servers -- at the servers feeding its Add-ons site -- but some are not; it's those off-site extensions that Mozilla wants to lock down.

To stymie attacks through a compromised extension update, Mozilla will require updates -- both the actual update package and the much smaller "manifest," or notification of an update -- to be delivered over an SSL-secured connection. Or the update must be digitally signed.

The change doesn't affect the initial installation of an extension, something Mozilla recognized. "[This] has no impact on the security of initial add-on installs," it told developers in the online guide.

This newest preview, which can be downloaded in versions for Windows, Mac OS X and Linux from the Mozilla site, still comes with a warning to end users. "Alpha 8 is intended for Web application developers and our testing community. Current users of Mozilla Firefox should not use Gran Paradiso Alpha 8," the browser's release notes.

Mozilla has not officially committed to a release date for the final version of Firefox 3.0.


eclipse下配置python时出现Unable to load the repository的错误

今天本着学习的态度,在ubuntu 12.04下配置python环境,不料在开始阶段: 点击Help->Install New Software… 在弹出的对话框中,点Add 按钮。 Name...
  • u011016879
  • u011016879
  • 2016年08月02日 10:34
  • 1067

Android Malware Analysis

This document collects papers that are related with Android Malware analysis.
  • wcventure
  • wcventure
  • 2018年01月21日 19:40
  • 104

错误记录--安装Flex Builder 3 Plug-in到eclipse出现的错误

安装Flex Builder 3 Plug-in到eclipse出现的错误,我用的eclipse是自带有WTP功能的。其实下面已经告诉你解决办法了。this installation can stil...
  • xinxin19881112
  • xinxin19881112
  • 2011年01月18日 01:35
  • 1856

IObit Malware Fighter Pro(恶意软件清除工具)官方注册版V5.5.0.4388下载 | iobit malware fighter激活码

IObit Malware Fighter Pro 是来自Iobit公司开发研制的一款先进的恶意软件清除工具,依靠庞大的病毒特征码库配合超强的BitDefender杀毒引擎以及启发式恶意软件检测方式,...
  • wllssss
  • wllssss
  • 2018年01月23日 20:23
  • 60

文献笔记 《DroidMat : Android Malware Detection through Manifest and API Calls Tracing 》

文献引用:  Wu D J, Mao C H, Wei T E, et al. DroidMat: Android Malware Detection through Manifest and AP...
  • Xbalien29
  • Xbalien29
  • 2014年02月07日 11:50
  • 2787

malware analysis 实战

NO.1Honeynet Scan of the Month 32 AnalysisAuthor: Chris Eagle, cseagle at nps d0t eduAnswers to the ...
  • iiprogram
  • iiprogram
  • 2006年04月27日 02:56
  • 2537

Mozilla Firefox 3 Alpha 5 RC2

 Firefox 3旨在改进内存操作、性能和稳定性,改进XUL和新核心组件等。当前已经准备进入Alpha 3阶段,这个版本是Alpha 3 Pre,已经解决了部分网页兼容性问题。下载页面:http:...
  • Penlee
  • Penlee
  • 2007年06月10日 21:27
  • 706


1.预备知识  Malware Defender是一款 HIPS (主机入侵防御系统)软件,用户可以自己编写规则来防范病毒、木马的侵害。另外,Malware Defender提供了很多有效的工具...
  • qq_20336817
  • qq_20336817
  • 2014年12月04日 22:13
  • 583

eclipse安装aptana stadio 3 plugin插件

登录aptana官网: 选择eclipse plugin
  • waysoflife
  • waysoflife
  • 2014年04月18日 18:53
  • 948

malware自动化分析 https:...
  • cnbird2008
  • cnbird2008
  • 2015年05月29日 18:25
  • 1764
您举报文章:Firefox 3 Alpha Blocks Malware, Secures Plug-in Updates