Q: These items do automatic self-updates without user control, notice or consent (general). These boys back to their corporate masters over unencrypted http.
Due to no SSL certs or something like this, users of these extensions are left in a dangerous position because of things like DNS spoofing. There is no control of the hosts. It's all based on domain names, which are known to be a problem.
If you helped the community and what things addons.mozilla.org whitelist Firefox default setup then you're fine. These things are (mostly) immune to such problems.
Re:Originally posted by: guy
Originally posted by: guy
I've got quite a few installed. This is my lappy:
1. AdBlock Plus
2. Adblock Filterset.G Updater
3. Adblock Plus: Element Hiding Helper
4. CookieSafe
5. Fasterfox
6. FlashGot
7. Foxmarks Bookmark Synchronizer
8. Greasemonkey
9. NoScript
10. Reload Every
If you're using a recent version of ABP, the Filterset.G Updater is obsolete…the built in subscription mechanism is much better IMO.
Yep, I'm using the latest ABP. Thanks for the heads up.
Re:Originally posted by: guy
I've got quite a few installed. This is my lappy:
1. AdBlock Plus
2. Adblock Filterset.G Updater
3. Adblock Plus: Element Hiding Helper
4. CookieSafe
5. Fasterfox
6. FlashGot
7. Foxmarks Bookmark Synchronizer
8. Greasemonkey
9. NoScript
10. Reload Every
If you're using a recent version of ABP, the Filterset.G Updater is obsolete…the built in subscription mechanism is much better IMO.
Re:Originally posted by: guy
I've got quite a few installed. This is my lappy:
1. AdBlock Plus
2. Adblock Filterset.G Updater
3. Adblock Plus: Element Hiding Helper
4. CookieSafe
5. Fasterfox
6. FlashGot
7. Foxmarks Bookmark Synchronizer
8. Greasemonkey
9. NoScript
10. Reload Every
Stuff like greasemonkey, noscript, and adblock are going to be safe.
I am not familiar with all of them so I don't know.
A partial list of problem extensions is (from the disclosure):
A vulnerability exists in the upgrade mechanism used by a number of
high profile Firefox extensions. These include Google Toolbar, Google
Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar,
AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft
Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others,
mainly commercial extensions.
Any extensions you got from addons.mozilla.org or got through the 'get more extensions' in the tool menu —> extensions window then you're fine.
Re:Originally posted by: guy
Thanks for the info, guy. The blog.wired.com link isn't working for me right now.
How do we know which extensions are proprietary and which aren't?
The easy way to know the difference is if you got the extension from addons.mozilla.org or any sort of official mozilla/firefox mechanism. Those are going to be safe. They require the use of https (which authenticates the hosts you're getting the files from) and they have to ask your permission to upgrade or not.
If you had to go to an external site and whitelist it then you have to be careful. The fact that these are updating automatically and do not use any host authentication beyond DNS names is the problem.
From the disclosure:
The vast majority of the open source/hobbyist made Firefox extensions
- those that are hosted at https://addons.mozilla.org – are not
vulnerable to this attack. Users of popular Firefox extensions such as
NoScript, Greasemonkey, and AdBlock Plus have nothing to worry about.
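An added example (not from the thread or the disclosure) of checking for the condition discussed above: it reads the `em:updateURL` property from legacy Firefox `install.rdf` manifests and flags extensions whose update URL is not https. The manifests, extension ids and hosts are constructed placeholders, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
EM = "http://www.mozilla.org/2004/em-rdf#"

def manifest_node(root):
    """Find the Description that describes the extension itself."""
    for node in root.iter("{%s}Description" % RDF):
        about = node.get("{%s}about" % RDF) or node.get("about")
        if about == "urn:mozilla:install-manifest":
            return node
    raise ValueError("no install manifest found")

def field(node, name):
    """Read an em: property written as a child element or as an attribute."""
    child = node.find("{%s}%s" % (EM, name))
    if child is not None and child.text:
        return child.text.strip()
    return node.get("{%s}%s" % (EM, name))

def classify(install_rdf):
    """Return (extension id, verdict) for one install.rdf document."""
    node = manifest_node(ET.fromstring(install_rdf))
    url = field(node, "updateURL")
    if url is None:
        return field(node, "id"), "no-custom-url"
    scheme = urlparse(url.strip()).scheme.lower()
    # Only https gives the client a certificate-checked update host.
    return field(node, "id"), "https" if scheme == "https" else "plaintext"

# Constructed sample manifests (ids and hosts are placeholders).
HEAD = '<RDF xmlns="%s" xmlns:em="%s">' % (RDF, EM)
SAMPLES = [
    HEAD + '<Description about="urn:mozilla:install-manifest">'
    '<em:id>toolbar@example.invalid</em:id>'
    '<em:updateURL>http://updates.example.invalid/update.rdf</em:updateURL>'
    '</Description></RDF>',
    HEAD + '<Description about="urn:mozilla:install-manifest"'
    ' em:id="sync@example.invalid"'
    ' em:updateURL="https://updates.example.invalid/update.rdf"/></RDF>',
    HEAD + '<Description about="urn:mozilla:install-manifest">'
    '<em:id>blocker@example.invalid</em:id></Description></RDF>',
]

def plaintext_updaters(manifests):
    """Ids of extensions whose custom update URL is not https."""
    return [ext for ext, verdict in map(classify, manifests) if verdict == "plaintext"]

if __name__ == "__main__":
    for doc in SAMPLES:
        print(classify(doc))
```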
Re:thanks for the heads up.
i do love the browser sync though
maybe they won't take too long to fix it now that it's been announced, I'll have it off in the meantime
Re:I've got quite a few installed. This is my lappy:
1. AdBlock Plus
2. Adblock Filterset.G Updater
3. Adblock Plus: Element Hiding Helper
4. CookieSafe
5. Fasterfox
6. FlashGot
7. Foxmarks Bookmark Synchronizer
8. Greasemonkey
9. NoScript
10. Reload Every
Re:I didn't install any of these. They start with your computer when you are using Windows systems and we don't yet know what they really do.
Re:Thanks for the info, guy. The blog.wired.com link isn't working for me right now.
How do we know which extensions are proprietary and which aren't?
As I'm typing this the Wired.com link loaded. Reading now
Re:oh here is an article about it:
http://blog.wired.com/27bstroke6/2007/05/google_yahoo_fa.html
Here is the vulnerability disclosure:
http://lwn.net/Articles/236198/
edit:
From the email, the guy disclosed this stuff to Google et al 45 days before releasing the info to the public. Still no fix. So much for 'Do no evil' (well I gave up even thinking that was a possibility after the Chinese b.s.)