Mozilla Sniffer protection ?

Discussion in 'Prevx Releases' started by CloneRanger, Jul 14, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Would Prevx/PSOL protect against this, and/or something similar ?

    :thumb: to guest for the link - https://www.wilderssecurity.com/showthread.php?p=1712306#post1712306
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Very interesting, thanks CloneRanger!

    TH
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @Triple Helix

    Isn't it, can't wait to see what Prevx say.

    Don't forget guest :thumb:
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
  5. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    The worry here was if a user installed this add-on; apparently, uninstalling the add-on stopped this behaviour. It's all moot as I note the add-on was disabled and added to the blocklist.

    It's also worth noting that the add-on was not reviewed by Mozilla by their own admission, and this is something they're eager to address.
     
    Last edited: Jul 14, 2010
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Originally Posted by TonyW

    If they don't ? They would have to be aware of the exploit to uninstall.

    Correct :thumb: but in the meantime **** could have happened if exploited.

    Edit -

    I see you just did ;) so,

    Exactly my concerns.

    I should think so too :thumb:

    *

    So still like to know if Prevx/PSOL would protect against this, and/or something similar ?
     
  7. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    True, but it will be nice to hear what Joe has to say for future reference!

    TH
     
  8. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    It will be interesting to see what Joe says for sure, but I would argue a case for being careful with downloading add-ons, especially if it's not well established and, as in this case, only been active for about a month.

    This is part of the problem when people download too many add-ons in this manner, especially novice users.

    So whilst it'll be good to know if Prevx can protect against such things, it's also good to know how to minimise the risk in the first place.
     
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I highly doubt that Prevx would prevent an addon to Firefox (or whatever Mozilla program you're talking about) from doing what it's supposed to do. It's sort of like a rogue AV; it's designed like a normal application, hence there is no way to tell it's rogue until you notice it yourself.
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We actually would prevent it (in FF/IE/etc.) - when on a secured website, we only allow addons that are known good (whitelisted) to access secured data within the browser.

    This is the main reason why our go-to response when a client comes in with a problem is to ask for a scan log. While SafeOnline doesn't require the antimalware components of Prevx to block threats, it does use the whitelisting components of the Prevx database to know if a plugin is known legitimate or not. Anything else is blocked :)

    Hope that helps!
     
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    That is excellent! The protection of Prevx surprises me in a positive way every single time.
     
  12. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Thanks Joe for the info, and it's great to hear that Prevx with SafeOnline always have our backs covered :thumb:

    TH
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,770
    Location:
    Outer space
    I think you misunderstood, the addon will still install but it is not allowed to access data within the browser by Prevx because it is not whitelisted ;)

     
  15. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Yes but those add-ons have been blacklisted now and even Mozilla is notifying that the add-ons should be uninstalled and they disabled them if you have them installed!

    TH
     
    Last edited: Jul 16, 2010
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,770
    Location:
    Outer space
    I know, I was just trying to explain what Joe said ;)
     
  17. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Not a problem! :thumb:

    TH :D
     
  18. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Hi Joe can you comment about this Issue?

    TIA,

    TH
     
  19. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    The first thing that I do when I install a browser is deactivate all the password managers and things like that. Putting my passwords in a browser's hands........uffff.
     
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Interesting that there's no mention of the Master Password feature.
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'll have to get some further information on this one as I'm honestly not sure how they'd steal passwords from within a webpage directly like this. However, Firefox/IE and most other browsers are definitely vulnerable to local attacks, which is why SafeOnline steps in and blocks anything from reading the browser's stored passwords.

    With Firefox at least, a Master Password does indeed help but SafeOnline provides protection over all of it even if you don't have one :)
     
  22. developers

    developers Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    62
    http://news.netcraft.com/archives/2010/07/15/firefox-security-test-add-on-was-backdoored.html

    Mozilla Sniffer was sharing the same UUID as the Tamper Data add-on, which meant it had overwritten the contents of the well-trusted Tamper Data directory. Hartmann said this was a "nice way of hiding backdoor code".
    The Mozilla Sniffer add-on overwrote some of the original Tamper Data files, and also added a new script

    It's an XSS attack
    Firefox:
    PoC

    Safari
    I know who your name, where you work, and live (Safari v4 & v5)
    PoC
     
  23. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Hi Joe, did you find any info as to this possible problem? I tried this test that developers posted! It's an XSS attack Firefox: PoC with SafeOnline set to the Max on HTTP sites and it failed! Or can you shed some light on this test?

    TIA,

    TH
     
    Last edited: Jul 31, 2010
  24. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Scripting enabled for the tests, and PSOL on max on HTTP sites

    As soon as I go there I see

    p2.gif = ?

    With no PW saving in Noscript

    p1.gif

    With PW saving in Noscript

    pw.gif

    Disabled PSOL for 5 minutes and redid it. This time clicking Remember did NOT advance the bar ? No PW was saved or shown.

    do u.gif

    None of it worked for me = :thumb:
     
  25. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    For average users it would fail as it showed my password after going back to that site!

    Capture31-07-2010-8.05.53 PM.jpg Capture31-07-2010-8.09.04 PM.jpg

    TH
     
    Last edited: Jul 31, 2010