Comments on: Firefox Keeps You Safe In Ways Other Browsers Don’t

by: Matthew Fabb

Tue, 24 Jun 2008 04:22:20 +0000

Yikes! This is certainly a feature I rather not have turned on and had no idea it existed before reading this blog postings.

Anyways, thanks for showing a way to turn this off. It’s too bad that this feature needs to be burried in the about.config, instead of being a checkbox in the security panel.

Does Firefox 3 at least let users know that they have blocked plugins or extensions when an attempt is made to use a blocked plugin or extension? Because I can see it being really frustrating for users wondering why a plugin or extension isn’t working, possibly trying to re-install it to get it working.

I don’t know about other users, but personally if there’s a vulerability, rather read up about it and determine myself whether or not to disable the plugin or extension rather than let Mozilla play Big Brother. Especially, if it’s a plugin I may use on a often and don’t have an issue in trusting that the websites that I visit regularly are not going to try to hack my machine with a recent exploit.

Also taking into consideration, that there’s been recent cases where new security vulnerabilities that have popped up have turned out to be old vulnerabilities that don’t effect the latest version of a plugin. This is what happened with the last reported Flash vulnerability, that was reported as a zero-day exploit for the new version of the plugin, but then several days later it turned out to be an old exploit in an older version of the plugin.

by: morgamic

Mon, 23 Jun 2008 18:17:22 +0000

Wanted to add that there is an extension that already adds back the yellow background in the address bar for SSL sites:
https://addons.mozilla.org/en-US/firefox/addon/6227

It disables the awesome bar, but it’d be pretty trivial to add options to it.

by: morgamic

Sun, 22 Jun 2008 19:02:56 +0000

@an0n1 m0us - That’s a pretty absolute and divisive way to look at things. I haven’t seen the bug on that issue, but I am assuming you were outnumbered and you are upset about that. Fact remains, though, that your complaints are about something completely off-topic in relation to this post, so I am not sure why you bothered to troll this blog post, or exactly what your point is. Either way, your anonymity and pointed remarks aren’t going to make people take you seriously, so your tone is pretty self-defeating. There are better ways to channel your frustration with a feature you didn’t want.

by: an0n1 m0us

Sun, 22 Jun 2008 10:54:01 +0000

@morganmic

extensions are for knowledgable users. Bog standards features are there for protect idiot users from themselves. That is what Firefox continues to keep claiming it does. In this case that’s a false claim.

As for the bug, I’ve seen it and the debate was very long. In the end the opinion of someone who lives outside of east coast america and is not employed by Mozilla, means nothing.

I saw your article, I had a comment, I made it. If you don’t like that, why don’t you make comments registration only or simply delete my comment? Don’t hide behind the usual crap that Mozilla is this organisation that can never be criticized because people can change whatever they dont like and that all criticism should be buried in bug reports to be ignored by engineers.

by: morgamic

Sat, 21 Jun 2008 18:17:51 +0000

@Jesper — That is a fair point. So far the items we’ve blocklisted are receent top crashers so it has been a quality assurance tool. However, there is already a plan in motion to create a default blocklist.xml that we can ship with Firefox to protect users on their first install before Firefox talks to the online service for the first time. Using the service from both angles should improve coverage.