Comments on: Firefox Keeps You Safe In Ways Other Browsers Don’t

By: Nick

Nick — Wed, 21 Oct 2009 20:41:44 +0000

Hello Your Future,

Before you look for “cracking the killswitch” system, there’s a checkbox that you can uncheck. The Blocklist doesn’t make running blocked plugins impossible, but it makes users aware of significant security issues, and in this case these plugins and add-ons were installed largely without the knowledge of the users in the first place.

By: morgamic

morgamic — Wed, 21 Oct 2009 19:34:43 +0000

That’s definitely one way to look at it, but the world (and the internet) is not so black and white and there is significant value in compromise.

But if this is in regards to the .NET stuff — that anger should be equally sent elsewhere to those who install plugins on your machine without telling you. If we blocklist something that was there without your permission in the first place, is it fair to be so angry at us for trying to do something to prevent exploits from harming people who are unaware of the entire situation?

There is no perfect answer to that dilemma.

By: Your Future

Your Future — Mon, 19 Oct 2009 00:22:38 +0000

I will not allow software to run on my machine that can be remote-controlled.

It is not Mozilla’s fucking right to alter my software on my fucking machine that I paid for. It is not a matter for them to decide what software can and cannot run on my machine. It’s my fucking machine.

That’s why I stayed with Firefox 2.0, and will find out how to crack the killswitch system, just for freedom’s sake.

By: hackademix.net » Firefox's Immune System

hackademix.net » Firefox's Immune System — Sat, 17 Oct 2009 16:23:22 +0000

[...] compromising Firefox’s security, Mozilla reacted unleashing a “doomsday weapon”: Plugin Blocklisting, a feature introduced more than one year ago in Firefox 3 and kept quiet so far, which allows quick [...]

By: Matthew Fabb

Matthew Fabb — Tue, 24 Jun 2008 04:22:20 +0000

Yikes! This is certainly a feature I rather not have turned on and had no idea it existed before reading this blog postings.

Anyways, thanks for showing a way to turn this off. It’s too bad that this feature needs to be burried in the about.config, instead of being a checkbox in the security panel.

Does Firefox 3 at least let users know that they have blocked plugins or extensions when an attempt is made to use a blocked plugin or extension? Because I can see it being really frustrating for users wondering why a plugin or extension isn’t working, possibly trying to re-install it to get it working.

I don’t know about other users, but personally if there’s a vulerability, rather read up about it and determine myself whether or not to disable the plugin or extension rather than let Mozilla play Big Brother. Especially, if it’s a plugin I may use on a often and don’t have an issue in trusting that the websites that I visit regularly are not going to try to hack my machine with a recent exploit.

Also taking into consideration, that there’s been recent cases where new security vulnerabilities that have popped up have turned out to be old vulnerabilities that don’t effect the latest version of a plugin. This is what happened with the last reported Flash vulnerability, that was reported as a zero-day exploit for the new version of the plugin, but then several days later it turned out to be an old exploit in an older version of the plugin.