by hirantha
Thu, May 20 2010 20:05
The Electronic Frontier Foundation (EFF) has published a paper on tracking browsers by their unique fingerprints. It turns out our browsers are more unique than we would like to think, so websites can use that fingerprint to track users around. While it may not be possible to learn the user's exact identity, tracking from one web location to another is definitely a possibility. The user agent string, system fonts, screen resolution and many more attributes of the computer all contribute to the unique fingerprint of a computer + browser combination. Disabling JavaScript and active content helps a little, but you need to decide whether the privacy is worth losing the ability to view active content.
To test how unique your computer + browser combination is, go to https://panopticlick.eff.org/ and click on the "Test Me" button.
The full paper can be found at https://panopticlick.eff.org/browser-uniqueness.pdf
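The following added example (not code from the EFF paper or from this blog) measures why the combination matters: over a constructed sample of eight browsers, no single attribute or pair singles anyone out, but all three together identify every visitor. The attribute values, the function names and the assumption that only the user agent string is visible without scripts or plugins are illustrative.

```javascript
// Constructed sample: every combination of two values per attribute,
// giving eight browser observations (not real visitor data).
const UAS = ["Firefox/3.6 (Windows)", "Firefox/3.6 (Linux)"];
const SCREENS = ["1280x1024x32", "1440x900x32"];
const FONTS = ["Arial,Tahoma,Verdana", "DejaVu Sans,Liberation Serif"];
const visitors = [];
for (const userAgent of UAS)
  for (const screen of SCREENS)
    for (const fonts of FONTS) visitors.push({ userAgent, screen, fonts });

const ALL = ["userAgent", "screen", "fonts"];
// Assumption: with JavaScript and plugins off, only the HTTP header is seen.
const WITHOUT_SCRIPT = ["userAgent"];

// Build an unambiguous key from the chosen attributes of one observation.
function keyOf(row, attrs) {
  return JSON.stringify(attrs.map((a) => row[a]));
}

// Count how many observations share each value of the attribute set.
function countBy(rows, attrs) {
  const counts = new Map();
  for (const row of rows) {
    const k = keyOf(row, attrs);
    counts.set(k, (counts.get(k) || 0) + 1);
  }
  return counts;
}

// Fraction of observations whose attribute values nobody else shares.
function uniqueFraction(rows, attrs) {
  let unique = 0;
  for (const n of countBy(rows, attrs).values()) if (n === 1) unique += 1;
  return unique / rows.length;
}

// Self-information in bits: how much one observation's values narrow
// down which browser it is within the sample.
function surprisalBits(rows, attrs, row) {
  const n = countBy(rows, attrs).get(keyOf(row, attrs));
  return -Math.log2(n / rows.length);
}

for (const attrs of [WITHOUT_SCRIPT, ["userAgent", "screen"], ALL]) {
  const bits = surprisalBits(visitors, attrs, visitors[0]);
  const uniq = uniqueFraction(visitors, attrs) * 100;
  console.log(`${attrs.join("+")}: ${bits} bits, ${uniq}% unique`);
}
```

Each attribute alone is worth one bit here; because the attributes vary independently in this sample, the bits add up until the sample is fully partitioned.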
by hirantha
Thu, July 16 2009 10:26
The Mozilla security blog confirms that an exploit against an unpatched vulnerability in Firefox 3.5 exists and has been made public.
Do note that Heise tried to confirm the vulnerability and only managed a crash on Vista, and couldn't seem to make it work on Windows 7 RC1:
http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761
The Mozilla blog post above gives a workaround: temporarily disabling the javascript.options.jit.content setting in about:config.
Alternatively, one could install and use NoScript to disable all JavaScript by default.
by hirantha
Thu, June 18 2009 14:59
WOT stands for Web Of Trust. It is a community-knowledge-based system where information on websites is shared. After installing the add-on, the links from search engines are tagged with extra symbols showing the site's "reputation" level. It is very simple to understand: red means a potentially bad site and green means a good site.
WOT is available for both Firefox and IE. If you choose to use it, remember to contribute back to the project by helping to rate sites as you visit them.
by hirantha
Fri, March 27 2009 22:49
In addition to the "pwn2own" vulnerability used at CanSecWest last week in order to compromise a system with the Firefox web browser, a new vulnerability has been published which involves XSL Transforms. This vulnerability impacts both the latest Firefox 3.0.7 and Seamonkey 1.1.15 browsers.
Mozilla is working on updates for both packages and expects the updated versions to be released by April 1.
A proof-of-concept exploit for the XSL Transform vulnerability has been released. If the attack succeeds, arbitrary code can be run in the context of the browser. If the attack fails, a DoS condition is likely for the browser.
For more information about the XSL Transform issue, see:
BugTraq
Secunia Advisory
VUPEN Advisory
Bugzilla Entry
Mozilla Security Blog