Mozilla Sniffer protection ?

Would Prevx/PSOL protect against this, and/or something similar ?

to guest for the link - https://www.wilderssecurity.com/showthread.php?p=1712306#post1712306

 

Very Interesting thanks CloneRanger!

TH

 

@Triple Helix

Isn't it, can't wait to see what Prevx say.

Don't forget guest

 

Yes and the info is getting around! http://www.calendarofupdates.com/updates/index.php?showtopic=32202&pid=107772&st=0&#entry107772

TH

 

The worry here was if a user installed this add-on; apparently. uninstalling the add-on stopped this behaviour. It's all moot as I note the add-on was disabled and added to the blocklist.

It's also worth noting that the add-on was not reviewed by Mozilla by their own admission, and this is something they're eager to address.

 

Originally Posted by TonyW

If they don't ? They would have to be aware of the exploit to uninstall.

Correct but in the meantime **** could have happened if exploited.

Edit -

I see you just did so,

Exactly my concerns.

I should think so too

*

So still like to know if Prevx/PSOL would protect against this, and/or something similar ?

 

True but it will be nice to here what Joe has to say for future reference!

TH

 

It will be interesting to see what Joe says for sure, but I would argue a case for being careful with downloading add-ons, especially if it's not well established and, as in this case, only been active for about a month.

This is part of the problem when people download too many add-ons in this manner, especially novice users.

So whilst it'll be good to know if Prevx can protect against such things, it's also good to know how to minimise the risk in the first place.

 

I highly doubt that Prevx would prevent an addon to Firefox (or whatever Mozilla program you're talking about) to do what it's supposed to do. It's sort of like a rouge AV; it's designed like a normal application, hence there is no way to tell it's rouge until you notice it yourself.

 

We actually would prevent it (in FF/IE/etc.) - when on a secured website, we only allow addons that are known good (whitelisted) to access secured data within the browser.

This is the main reason why our go-to response when a client comes in with a problem is to ask for a scan log. While SafeOnline doesn't require the antimalware components of Prevx to block threats, it does use the whitelisting components of the Prevx database to know if a plugin is known legitimate or not. Anything else is blocked

Hope that helps!

 

That is excellent! The protection of Prevx surprise me in a positive way every single time.

 

Thanks Joe for the info and it's great to here that Prevx with SafeOnline always have our backs covered

TH

 

https://addons.mozilla.org/en-GB/firefox =

Thanks PrevxHelp, good news

 

I think you misunderstood, the addon will still install but it is not allowed to access data within the browser by Prevx because it is not whitelisted

 

Yes but those add-ons have been blacklisted now and even Mozilla is notifying that the add-ons should be uninstalled and they disabled them if you have them installed!

TH

 

I know, I was just trying to explain what Joe said

 

Not a problem!

TH

 

Hi Joe can you comment about this Issue?

TIA,

TH

 

The first thing that I do when I install a browser is deactivate all the password managers and things like that. Putting my passwords in a browser's hands........uffff.

 

Interesting that there's no mention of the Master Password feature.

 

I'll have to get some further information on this one as I'm honestly not sure how they'd steal passwords from within a webpage directly like this. However, Firefox/IE and most other browsers are definitely vulnerable to local attacks, which is why SafeOnline steps in and blocks anything from reading the browser's stored passwords.

With Firefox at least, a Master Password does indeed help but SafeOnline provides protection over all of it even if you don't have one

 

http://news.netcraft.com/archives/2010/07/15/firefox-security-test-add-on-was-backdoored.html

Mozilla Sniffer was sharing the same UUID as the Tamper Data add-on, which meant it had overwritten the contents of the well-trusted Tamper Data directory. Hartmann said this was a "nice way of hiding backdoor code".
The Mozilla Sniffer add-on overwrote some of the original Tamper Data files, and also added a new script

It's a XSS attack
Firefox:
PoC

Safari
I know who your name, where you work, and live (Safari v4 & v5)
PoC

 

Hi Joe Did you find any info as to this possible problem? I tried this test that developers Posted! It's a XSS attack Firefox: PoC with SafeOnline set to the Max on HTTP sites and it failed! Or can you shed some light on this test?

TIA,

TH

 

Scripting enabled for the tests, and PSOL on max on HTTP sites

As soon as i go there i see

= ?

With no PW saving in Noscript



With PW saving in Noscript



Disabled PSOL for 5 minutes and redid it. This time clicking Remember did NOT advance the bar ? No PW was saved or shown.



None of it worked work for me =

 

For average users it would fail as it showed my password after going back to that site!



TH