X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

Is there a Whitepaper or similar which describes how the automatic updating of Firefox is secured?

Được đăng

I'm facing an Audit from our Security which is asking how the automatic update process of Mozilla Firefox is secured against Manipulation or malicious Software. The fear is that per example somebody could manipulate the update to load an infected File instead of the original Firefox Update. I've already searched for half a day through the Internet and in the Mozilla wiki but could not find a description of this. Could you please provide me a Whitepaper or similar which describes how Mozilla Firefox ensures that only official and not manipulated Updates can be loaded and installed e.g. does the Client validate the installer hash before execution etc.

Here would be the equivalent Information from Google about Chrome: https://www.google.com/intl/en/chrome/browser/privacy/whitepaper.html https://github.com/google/omaha/blob/master/doc/install-update-overview.png

I'm facing an Audit from our Security which is asking how the automatic update process of Mozilla Firefox is secured against Manipulation or malicious Software. The fear is that per example somebody could manipulate the update to load an infected File instead of the original Firefox Update. I've already searched for half a day through the Internet and in the Mozilla wiki but could not find a description of this. Could you please provide me a Whitepaper or similar which describes how Mozilla Firefox ensures that only official and not manipulated Updates can be loaded and installed e.g. does the Client validate the installer hash before execution etc. Here would be the equivalent Information from Google about Chrome: https://www.google.com/intl/en/chrome/browser/privacy/whitepaper.html https://github.com/google/omaha/blob/master/doc/install-update-overview.png

Chi tiết hệ thống bổ sung

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3; Tablet PC 2.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko

Thông tin chi tiết

FredMcD
  • Top 10 Contributor
4272 giải pháp 59920 câu trả lời
Được đăng

All updates come from Mozilla.org and only contain the program in question.

WARNING: There are fake update pages that claim your <whatever> program is out of date, or malware was discovered, or some other problem.

All updates come from Mozilla.org and only contain the program in question. WARNING: There are fake update pages that claim your <whatever> program is out of date, or malware was discovered, or some other problem.

Người tạo câu hỏi

Hi FredMcD Many thanks for your reply, but i would need a documentation of how it is technically secured that the updates can only be loaded from Mozilla.org. I cannot tell our security "it is working fine" without any technical description it would be useless. Sorry for my bad english i'm not a native english Speaker.

Hi FredMcD Many thanks for your reply, but i would need a documentation of how it is technically secured that the updates can only be loaded from Mozilla.org. I cannot tell our security "it is working fine" without any technical description it would be useless. Sorry for my bad english i'm not a native english Speaker.
the-edmeister
  • Top 25 Contributor
  • Moderator
5411 giải pháp 40310 câu trả lời
Được đăng

Sorry, I can't answer that directly, but I can point you in the direction of where you might be able to find it.

Developer documentation is here: https://developer.mozilla.org/en-US/

Sorry, I can't answer that directly, but I can point you in the direction of where you might be able to find it. Developer documentation is here: https://developer.mozilla.org/en-US/