Can Mozilla-Based Browsers be Hijacked?

Chibi Merrow asks: "Matt Hartley in his latest GnomeReport speaks of supposed browser hijacker programs that are now targeting Mozilla FireFox instead of IE. While this is in a way cool (since that means the browser's now considered mainstream), it's also hard to believe. It doesn't help that his article is very light on details. Now there have been some discussion about spyware masquerading as valid extensions; but they require user intervention to install. Most people think of a browser hijack as something that automatically installs itself. Has anyone ever encountered an actual self installing browser hijacker/spyware program that has targeted Mozilla Firefox, or is this a bunch of FUD?"

Re:IE is part of Windows

[sql*kitten]

it uses Windows' SSL whereas Mozilla has its own SSL

Actually, this is exactly contrary to SSL philosophy. When asked "why doesn't SSL/SSH do such-and-such", developers reply that they want to concentrate on the crypto layer and other applications can use that layer to provide their own services (for example, sftp is layered on top of ssh, VNC uses ssh to provide its crypto, etc). So, there's one crypto system to maintain and patch, not two or even n.

It's Unix philosphy too, building useful things from small tools that do one thing well. The Mozilla people lost sight of that pure vision LONG ago, and reimplemented everything from scratch. Kinda missing the point of libraries altogether.