Avatar for Username

Sök i support

Akta dig för supportbedrägerier: Vi kommer aldrig att be dig att ringa eller skicka ett sms till ett telefonnummer eller dela personlig information. Rapportera misstänkt aktivitet med alternativet "Rapportera missbruk".

Learn More

Denna tråd har arkiverats. Ställ en ny fråga om du behöver hjälp.

[security] regular hash check on preinstalled addons

  • 3 svar
  • 1 har detta problem
  • 7 visningar
  • Senaste svar av James

jobanji
jobanji
more options

A simple addon could do this automatically very quickly and easily, by downloading the latest addons at semi random intervals, and comparing hashes; if the hashes are not already available on firefoxes own addons page.

Today I had noticed the user interface in disconnect totally changed in my firefox browser. It had a clean vertical column listing only google, facebook, twitter, and a few other websites; Each was like a rectangular button. Nothing else was visible. It was completely different than the original. I should have took a screenshot and backed up the extension but failed to do so. I uninstalled the addon and re-installed it from firefox's website; The UI immediately went back to normal. I confirm signature checks were in fact enabled. I'm curious what kind of security firefox implements. I know its supposed to only allow signed addons, but does it go one step further and do regular hash checks to ensure it has not been modified or replaced with malware? I believe this will be a necessary step in order to mitigate against many zero day threats or vulnerabilities within browser signature verification systems.

A simple addon could do this automatically very quickly and easily, by downloading the latest addons at semi random intervals, and comparing hashes; if the hashes are not already available on firefoxes own addons page. Today I had noticed the user interface in disconnect totally changed in my firefox browser. It had a clean vertical column listing only google, facebook, twitter, and a few other websites; Each was like a rectangular button. Nothing else was visible. It was completely different than the original. I should have took a screenshot and backed up the extension but failed to do so. I uninstalled the addon and re-installed it from firefox's website; The UI immediately went back to normal. I confirm signature checks were in fact enabled. I'm curious what kind of security firefox implements. I know its supposed to only allow signed addons, but does it go one step further and do regular hash checks to ensure it has not been modified or replaced with malware? I believe this will be a necessary step in order to mitigate against many zero day threats or vulnerabilities within browser signature verification systems.

Alla svar (3)

jobanji
jobanji Frågans ägare
more options

It would be best if Firefox provided the latest hash checksum on the addons page, to avoid the necessity of re-downloading each addon individually.

Shadow110
Shadow110
more options

Hi, that would be grand. Unfortunately Support Volunteers can't make changes to Firefox websites. Posting here will not go far.

Yes there has been a few issues already where things were replaced after being ok'd for use. Quickly taken down though. It is not strange for that to happen as Google Store, Chrome & Microsoft have been hit with that also.

To submit suggestions for new or changed features to a dedicated team for review may I suggest: Feedback: https://qsurvey.mozilla.com/s3/FirefoxInput/ or for Extensions : https://discourse.mozilla.org/c/add-ons

Please let us know if this solved your issue or if need further assistance.

James
James
  • Top 25 Contributor
  • Moderator
more options

Firefox is the name of the web browser as Mozilla is the company.

The better place to discuss this idea about Extensions would be at https://discourse.mozilla.org/c/add-ons