Discussion of general topics about Mozilla Firefox
How about adding a colored border strip around the four sides of any window that does this? This wouldn't interfere with the usefulness of such windows, but would very easily distinguish such windows from normal windows, which is what the scam relies on -- fooling the user into thinking it's a normal window.
And from this thread http://forums.mozillazine.org/viewtopic ... 5&start=15 there is another very good suggestion.
It can't override the OS chrome though can it? Therefore if all XUL application windows have their normal titles overridden by the warning it should work.
So that's grandma , isn't it? Firefox it's a great browser not only for geeks, developers and that kind of super tech people. It's for every body. Kids, Bussiness man, your neighbor, G.W.Bush, anyone.
Firefox is just a browser, not a suite or a runtime to run cool XUL application, even it could. But this seems not to be as secure as we all wish, for grandma. So let's disable until we are 100% secure that no bad guy will use in it's own benefit.
One great goal of Firefox, and Mozilla is that they follow the W3C standars, so thats HTML, XHTML, XML, CSS, DOM, etc. But is XUL a standard? Is really necesary to view XUL applications in our browser by default?.
Maybe the best solution to this security issue, as has been sugested, is a whitelist of sites that can use XUL. So those who developed XUL applications can still be runned. Also a Sandbox for XUL it's also a great idea but, maybe more complicated to see in the Firefox milestone.
Obviously you still have to keep yours eyes open for sphifing. But we shouldn't easier things to the bad guys. So lets give grandma a secure Firefox for banking or shopping. And even she accepts XUL but mistake lets make the difference so that when it runs XULs that she can even notice that a bad guy is trying to steal her purse.
VerifyURL - http://forums.mozillazine.org/viewtopic.php?t=110239
This might be a good security measure for newbs that we setup with Firefox. Get them in the habit of checking it when something seems fishy, and they're more likely to notice the altered UI too.
Well i tried the sites with 0.9.3 and it worked pretty well except the for the nightlies which showed the yellow bar. Two things i noticed...the spoof didnt work in tabs ( they wouldnt display anything) and after installing the spoofstick extension it also gave it away...any comments on this two items ?
I thougth last version of Firefox (0.9.3 in French) was about to solve this problem but when I tried the "spoof test" again with 0.9.3, when I click on the "security icon" on the bottom left of the screen, it still tells me "this is a verified secure website" !!
What's going on ?
Who is online
Users browsing this forum: No registered users and 1 guest