X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Serious security / privacy breach in Firefox 36.0

Kuphostiwe

I just updated to Firefox 36.0. I was curious about the new "Hello" feature, so:

  1) I clicked "Start a conversation".
  2) As soon as it opened, I immediately closed the conversation and deleted it.
  3) I also changed my status from the default "Available" to "Do Not Disturb".

About 30 minutes later, my camera turned on! I have no other application that would do this without consent; it has never happened before.

I hate to ditch Firefox, but this breach is too severe to overlook. I imagine it has equal control over the microphone. Embedding third party software with this kind of hardware control seems reckless to me. Firefox Hello...Provided by TokBox, Inc....Powered by Telefonica ?! Did we miss the recent news about Lenovo and Superfish?

I have a lot of respect for Mozilla and all the products it has generated. I await news on this, but not using Firefox in the meantime.

I just updated to Firefox 36.0. I was curious about the new "Hello" feature, so: 1) I clicked "Start a conversation". 2) As soon as it opened, I immediately closed the conversation and deleted it. 3) I also changed my status from the default "Available" to "Do Not Disturb". About 30 minutes later, my camera turned on! I have no other application that would do this without consent; it has never happened before. I hate to ditch Firefox, but this breach is too severe to overlook. I imagine it has equal control over the microphone. Embedding third party software with this kind of hardware control seems reckless to me. Firefox Hello...Provided by TokBox, Inc....Powered by Telefonica ?! Did we miss the recent news about Lenovo and Superfish? I have a lot of respect for Mozilla and all the products it has generated. I await news on this, but not using Firefox in the meantime.

Eminye Imininingwane Yohlelo

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 3.0.30618; Media Center PC 5.0; SLCC1; .NET4.0C; .NET4.0E; InfoPath.3; rv:11.0) like Gecko

Eminye Imininingwane

Umnikazi wombuzo

Is there a way to completely and permanently remove this new technology from Firefox?

Is there a way to completely and permanently remove this new technology from Firefox?
philipp
  • Top 25 Contributor
  • Moderator
5287 izisombululo 23362 izimpendulo
Kuphostiwe

Impendulo Ewusizo

enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named loop.enabled. double-click it and change its value to false.

enter '''about:config''' into the firefox address bar (confirm the info message in case it shows up) & search for the preference named '''loop.enabled'''. double-click it and change its value to '''false'''.

Umnikazi wombuzo

philipp said

enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named loop.enabled. double-click it and change its value to false.

Thanks for that, but it looks a bit generic. What else will this setting affect?

''philipp [[#answer-695784|said]]'' <blockquote> enter '''about:config''' into the firefox address bar (confirm the info message in case it shows up) & search for the preference named '''loop.enabled'''. double-click it and change its value to '''false'''. </blockquote> Thanks for that, but it looks a bit generic. What else will this setting affect?
philipp
  • Top 25 Contributor
  • Moderator
5287 izisombululo 23362 izimpendulo
Kuphostiwe

generic or not, this setting will disable firefox hello.

generic or not, this setting will disable firefox hello.

Umnikazi wombuzo

I understand you are saying it will disable Hello. But I was asking if anything else in Firefox might be affected by this config setting.

I understand you are saying it will disable Hello. But I was asking if anything else in Firefox might be affected by this config setting.
philipp
  • Top 25 Contributor
  • Moderator
5287 izisombululo 23362 izimpendulo
Kuphostiwe

Impendulo Ewusizo

no, "loop" is the codename for firefox hello - it won't affect anything else...

no, "loop" is the codename for firefox hello - it won't affect anything else...
Standard8 35 izisombululo 192 izimpendulo
Kuphostiwe

Mozzilav, did you try restarting Firefox when the camera light came on? That would help to prove if it was Firefox or not.

Obviously Firefox shouldn't be turning the camera on outside of your use of Hello, I'm just trying to track down the issue a bit more.

Do you recall when you started the conversation and you had the conversation window open - did the camera light come on then as well, before you shut the conversation?

Mozzilav, did you try restarting Firefox when the camera light came on? That would help to prove if it was Firefox or not. Obviously Firefox shouldn't be turning the camera on outside of your use of Hello, I'm just trying to track down the issue a bit more. Do you recall when you started the conversation and you had the conversation window open - did the camera light come on then as well, before you shut the conversation?

Umnikazi wombuzo

Hello Standard8, When I started the Hello conversation, it did not display the small orange box at the top of the screen indicating there was camera activity, and I do not recall seeing the camera light on.

But some time after ending the Hello conversation and deleting it (within 30min or so), the camera definitely turned on. I verified that there was no new or hanging Hello activity. It was a big wtf moment. Killing the firefox.exe process via Task Manager immediately turned the camera off.

Hello Standard8, When I started the Hello conversation, it did not display the small orange box at the top of the screen indicating there was camera activity, and I do not recall seeing the camera light on. But some time after ending the Hello conversation and deleting it (within 30min or so), the camera definitely turned on. I verified that there was no new or hanging Hello activity. It was a big wtf moment. Killing the firefox.exe process via Task Manager immediately turned the camera off.
Standard8 35 izisombululo 192 izimpendulo
Kuphostiwe

Thanks, that's useful information. Would you be prepared to give it a try once more to see if it reproduces in the same way?

Also, can I get a few details of what your operating system is, and what camera/microphones you have connected (or built-in)?

Thanks, that's useful information. Would you be prepared to give it a try once more to see if it reproduces in the same way? Also, can I get a few details of what your operating system is, and what camera/microphones you have connected (or built-in)?