note to self....
Monday, April 24, 2006
Intrusive Firefox Extensions - and other stuff
Fukking Klipper! Goddess save us all, the Advertisers have learned what a browser extension is. Can the spyware spooks and the virus kiddies be far behind?
A little while ago, as Firefox 1.5.0.2 (Linux) was crashing spectacularly on one workstation (vertigo) - and this time w/o the help of any extensions or themes, i might add - I was browsing the prefs.js file for another Firefox install on another workstation (spirit).
The first thing I noticed about the install on spirit (and this would have been true for the vertigo install until I blew away the user profile directory in an effort to get Firefox to quit locking up the X server) is that there are an entire assload of settings that are added by extensions, and (in one case) by something that is not even an extension (I think - still looking at this one).
The next thing I noticed was that certain of the settings contained information about me - or rather, about some things that were on my disc drive.
Some examples - not all of these are "intrusive", I suppose, but most of them are remarkable (in some way), to me:
Interesting - Firefox Edit menu options don't seem to interoperate as expected with the Klipboard tool under KDE - more of Gnomish foolishness.
A little while ago, as Firefox 1.5.0.2 (Linux) was crashing spectacularly on one workstation (vertigo) - and this time w/o the help of any extensions or themes, i might add - I was browsing the prefs.js file for another Firefox install on another workstation (spirit).
The first thing I noticed about the install on spirit (and this would have been true for the vertigo install until I blew away the user profile directory in an effort to get Firefox to quit locking up the X server) is that there are an entire assload of settings that are added by extensions, and (in one case) by something that is not even an extension (I think - still looking at this one).
The next thing I noticed was that certain of the settings contained information about me - or rather, about some things that were on my disc drive.
Some examples - not all of these are "intrusive", I suppose, but most of them are remarkable (in some way), to me:
- user_pref("extensions.lastAppVersion", "1.0");
- This one looks to me like an artifact of a prgramming error, probably in an extension. I mean, 'lastAppVersion' of *what*?
- browser.download.dir
- Well, this one seems to be part of the browser, but how much could an untrusted extension - or even an un-noticed Javascript - learn about the directory structure of the local drive from watching this and, say, browser.download.lastDir ?
- browser.startup.homepage_override.mstone, rv:1.7.12
- What is this? I didn't see it listed - maybe I need to look again...
- extensions.mediaplayerconnectivity.*
- Well, these seem to be heirarchaly correct, but - there are a few like '.playerpls, "/usr/bin/xmms" that could conceivably leak system information to other processes that have access to this file, or even to those who released mediaplayerconnectivity
- fgupdater.*
- The fgupdater creators didn't bother with the 'extensions' prefix ... neither did the flashgot guys, or the gmnotifier guys, or the menux guys - perhaps this is a point of disagreement amongst developers? Or maybe it's already been solved, and something here is obsolete?. More of these found are sessionsaver.*, stumble.*
- gm-notifier.users.default
- ... has my username for the service - and menux.editor.path has '/usr/bin/gedit' - need to change that, since I'm not sure this system even has gedit - isn't that some Gnomish editor thing?
- print.tmp.printerfeatures.printer.*
- A bunch of these - odd, considering this workstation has never known a printer.
- security.*
- Seems like a poor place for things like .warn_viewing_mixed setting - couldn't another app [extension] change the value from, say, "true" to "false"
- stumble.784508.interests
- user_pref("stumble.784508.last_incat", "0");
- user_pref("stumble.784508.last_stumble", "1133658391177");
- user_pref("stumble.784508.last_uploaded", "1133658738236");
- user_pref("stumble.784508.newmessage", false);
- user_pref("stumble.784508.nick", "zerohex");
- user_pref("stumble.784508.password", "eshoog");
- user_pref("stumble.784508.prefetch", true);
- user_pref("stumble.784508.referral_count", "0");
- user_pref("stumble.current_user", "784508");
- Bunch of stuff there I'm not entirely comfortable with .... username, password, secret numeric username [usernumber] ... Hmmm, I might want to rethink my use of the StumbleUpon extension...
- user_pref("update_notifications.provider.0.last_checked", 1129893293);
- Huh?
- user_pref("yahoo.photos.yphLastBrowseDir", "/home/zerohex/Pictures");
- Hmmm. Severe discomfort realizing that I am a Yahoo user, and Yahoo has thin scruples... I don't recall installing any Yahoo firefox extensions, though - I will have to look into that.
Interesting - Firefox Edit menu options don't seem to interoperate as expected with the Klipboard tool under KDE - more of Gnomish foolishness.
Labels: add-ons, extensions, firefox, howto, linux
posted by 0x0000 #
04:37
Sunday, April 23, 2006
Fixing the telnet:// protocol handler in Firefox 1.5.0.2 (Linux)
I had some problems getting Firefox to accept/provide arguments to a protocol handler command entered in the about:config page [see previous post for about:config settings], but I have found a workaround, and posted a HOWTO document about it. See: HOWTO Enable Telnet URI Handling in Firefox.
The gripe here is that telnet://host.name:portnum/ URLs didn't work by default in Firefox. The HOWTO gives a fix.
The gripe here is that telnet://host.name:portnum/ URLs didn't work by default in Firefox. The HOWTO gives a fix.
Labels: bash, config, firefox, hack, howto, linux, protocol, script, telnet, x11, xterm
posted by 0x0000 #
23:30
Firefox about:config settings for telnet: URLs
Register Protocol from the Mozillazine Knowledge Base.
Gecko DOM Reference
About:config entries from the Mozillazine Knowledge Base.
pound-perl perl mongers wiki posting about settings for telnet URL.
Gecko DOM Reference
About:config entries from the Mozillazine Knowledge Base.
pound-perl perl mongers wiki posting about settings for telnet URL.
Labels: config, firefox, gui, hack, howto, linux, x11
posted by 0x0000 #
22:12
Archives
2004/09 2005/03 2005/04 2005/05 2005/06 2005/07 2005/08 2005/09 2005/10 2005/11 2006/01 2006/02 2006/04 2006/05 2006/06 2008/01
Subscribe to Posts [Atom]