Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can Mozilla-Based Browsers be Hijacked?

Posted by Cliff on from the any-exploits-out-there dept.

Chibi Merrow asks: "Matt Hartley in his latest GnomeReport speaks of supposed browser hijacker programs that are now targeting Mozilla FireFox instead of IE. While this is in a way cool (since that means the browser's now considered mainstream), it's also hard to believe. It doesn't help that his article is very light on details. Now there have been some discussion about spyware masquerading as valid extensions; but they require user intervention to install. Most people think of a browser hijack as something that automatically installs itself. Has anyone ever encountered an actual self installing browser hijacker/spyware program that has targeted Mozilla Firefox, or is this a bunch of FUD?"

5 of 102 comments (clear)

  1. IE is part of Windows by Gary+Destruction · · Score: 4, Informative

    That in of itself makes it more insecure. I mean, it uses Windows' SSL whereas Mozilla has its own SSL. It has Windows remember passwords whereas Mozilla has a password manager. Mozilla just being a stand alone app makes it safer in that regard. And even a recent exploit caused by an issue with file extension spoofing vulnerability was an issue only with IE. Mozilla still showed the file's name in its entirety.

  2. Yes, i've seen it by Joff_NZ · · Score: 5, Informative

    www.crack-locater.com tries to get you to install a couple of .xpi extensions into Mozilla... I naturally clicked "Cancel", so I couldn't tell you what they did...

    --
    The revolution will not be televised. It won't be on a friggin blog either
    1. Re:Yes, i've seen it by Joff_NZ · · Score: 5, Informative

      Yes, you're right.. it was a misspelling, the site in question is www.crack-locator.com
      Guess I should have checked that

      --
      The revolution will not be televised. It won't be on a friggin blog either
    2. Re:Yes, i've seen it by gazbo · · Score: 5, Informative

      Here we go: I manually downloaded and unpacked the XPI file, to see the JS installer and an exe. Here's what AVG had to say about it.

  3. Only thing I've seen... by J'raxis · · Score: 4, Informative

    I've only come across a couple of porn sites that try to install something using the XPI facility, but you get prompted to install it. It was amidst a rats' nest of other dialogs popping up (not "popup" windows, just dialogs asking me to install extensions to handle all kinds of exotic filetypes and JavaScript alert() boxes), so I almost missed it.

    --
    Liberty in your lifetime