Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: No NoScrlpt and WOT!

14 Apr 2016   #1
ellenc

Windows 7 Professional
 
 
No NoScrlpt and WOT!

I received an email report yesterday that really shocked me: It seems that the most popular/widely used Firefox addons post a security vulnerability: NoScript (!!), WOT and others. As far as I can interpret, each Firefox extension is a separate "entity," not part of a single extension architecture, and is therefor vulnerable. I immediately disabled the above. But NoScript?? Oh, no! Here I was thinking how secure this critical extension is, but according to the report, it turns out that there is a false sense of security, like the revelation of PayPal's "security." ellenc (P.S. My computer and I feel naked without NoScript.)


My System SpecsSystem Spec
.
14 Apr 2016   #2
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Have a read through this: Firefox Cross-Extension vulnerability discovered - gHacks Tech News

It seems to advise the same as responders to your post on another forum. (There's no need to worry unless you installed a malicious add on in addition to WOT or NoScript)

It should not be possible to install a malicious addon unless you have over-ridden add on signing requirements.

My personal choices:

I run browsers under stripmyrights so that even if compromised files cannot execute or be written to in system folders.
No NoScrlpt and WOT!-stripmyrights-cyberfox.jpg
No NoScrlpt and WOT!-stripmyrights-firefox.jpg
No NoScrlpt and WOT!-stripmyrights-opera.jpg
So to use the image shown in the linked article nothing can execute in system folders.
No NoScrlpt and WOT!-firefox-reuse-vulnerability.jpg
Also use I EMET:

Enhanced Mitigation Experience Toolkit (EMET)

and VoodooShield Pro:

VoodooShield free blocks exploits and more

NOTE: VoodooShield Pro is a paid for program and is not really suitable for inexperienced users.

EDIT:

If you are worried you can scan your current extensions (.xpi file extension) by uploading to VirusTotal.

C:\Users\Username\AppData\Roaming\Mozilla\Extensions
No NoScrlpt and WOT!-extensions.jpg
I have just a single unsigned extension and it scans clean.
No NoScrlpt and WOT!-virustotal-scanner.jpg
EDIT 2:

That's my 20 extensions scanned. One false positive detection so no need to disable WOT.
No NoScrlpt and WOT!-virustotal-results-ff-extensions.jpg


My System SpecsSystem Spec
14 Apr 2016   #3
ellenc

Windows 7 Professional
 
 
No NoScript cont

Thank you ever so much for the time and effort made to provide me with this information. I'll be studying it and will no doubt follow your advise. A million thanks. ellenc
My System SpecsSystem Spec
.

06 May 2016   #4
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

As a follow up - I found an article that you might like to read:

April security sensationalism and FUD

It explains better than I can why you should not worry about NoScript.

As for the mentioned "embedded font exploits" I added the registry key even though I use EMET.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel
No NoScrlpt and WOT!-mitigation-options.jpg


My System SpecsSystem Spec
08 May 2016   #5
ellenc

Windows 7 Professional
 
 
NoScrilpt and WOT

I greatly appreciate yiur thoughtfullness in providing this followup. ec
My System SpecsSystem Spec
Reply

 No NoScrlpt and WOT!




Thread Tools Search this Thread
Search this Thread:

Advanced Search



Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 15:46.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App