Adblock Plus and (a little) more

Speaking of IE security... · 2007-01-12 14:49 by Wladimir Palant

I recently linked to an article stating that users of Internet Explorer have been exposed to known critical vulnerabilities for 284 days last year. That sounds bad enough but unfortunately it is not all.

Read more Comment [4]

Tags: off-topic security

AMO moving into the right direction · 2007-01-12 02:21 by Wladimir Palant

Thanks to morgamic for telling me this, I probably wouldn’t have noticed otherwise — Addons.Mozilla.Org has made a first move towards raising the quality bar. The autogenerated spyware-infested Conduit-based toolbars have been disabled, all 93 of them. Any new submissions will be automatically rejected. Way to go, AMO!

Read more Comment [7]

Tags: mozilla security

Firefox security: the real picture · 2007-01-05 12:37 by Wladimir Palant

I have seen many people complaining about how Firefox is no more secure than Internet Explorer. Usually this impression comes up when people read the long lists of security bugs fixed with every maintenance release. Since I have reported a few security bugs myself and could observe how Mozilla deals with those, I knew well that Firefox is still incomparably more secure than Internet Explorer — and now there is proof. Internet Explorer Unsafe for 284 Days in 2006 has the data.

Read more Comment [11]

Tags: mozilla security

No good deed goes unpunished · 2006-12-04 00:19 by Wladimir Palant

I started a little experiment — downloaded all extensions from addons.mozilla.org (AMO), unpacked them and tried to find security holes by searching for specific strings. As expected, it wasn’t all too difficult, one can easily find a dozen vulnerable extensions in an hour, and that not even accounting for the fact that there is a certain unpopular class of extensions on AMO all sharing the same buggy code. The only reason I didn’t hit all too many high profile extensions was that I was going through the extensions in alphabetical order instead of going by popularity.

Read more Comment [7]

Tags: mozilla security

What happened to the promised spam solution? · 2006-11-23 17:35 by Wladimir Palant

Do you still remember? Sometime in the beginning of year 2004 Bill Gates promised us to take care of the spam problem by 2006. It was big in the news all over the world.

Read more Comment [11]

Tags: off-topic security

"Don't mail us unless you are in the US" · 2006-08-06 21:23 by Wladimir Palant

I am back from my vacation and working through all the mail I got in the two weeks. Amongst others I found a funny email bounce for the forum’s confirmation message: “We are not aware of anyone in Germany needing to email us”.

Read more Comment [5]

Tags: private security

Adblock security hole closed - but not by Adblock devs [updated] · 2006-06-18 22:46 by Wladimir Palant

A while back I mentioned two security holes I found in Adblock (bug 338114, access is restricted). Both are pretty stupid programming mistakes and can be fixed trivially. Luckily recent security improvements in Firefox prevent one of the bugs from being exploited. The other is wide open however and can potentially allow malicious web sites to gain control over your computer.

Read more Comment

Tags: adblock security