No NoScrlpt and WOT!


  1. ellenc
    Posts : 147
    Windows 7 Professional
       New #1

    No NoScrlpt and WOT!


    I received an email report yesterday that really shocked me: It seems that the most popular/widely used Firefox addons post a security vulnerability: NoScript (!!), WOT and others. As far as I can interpret, each Firefox extension is a separate "entity," not part of a single extension architecture, and is therefor vulnerable. I immediately disabled the above. But NoScript?? Oh, no! Here I was thinking how secure this critical extension is, but according to the report, it turns out that there is a false sense of security, like the revelation of PayPal's "security." ellenc (P.S. My computer and I feel naked without NoScript.)
      My Computer
    Quote Quote

  3. Callender
    Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       New #2

    Have a read through this: Firefox Cross-Extension vulnerability discovered - gHacks Tech News

    It seems to advise the same as responders to your post on another forum. (There's no need to worry unless you installed a malicious add on in addition to WOT or NoScript)

    It should not be possible to install a malicious addon unless you have over-ridden add on signing requirements.

    My personal choices:

    I run browsers under stripmyrights so that even if compromised files cannot execute or be written to in system folders.

    No NoScrlpt and WOT!-stripmyrights-cyberfox.jpg

    No NoScrlpt and WOT!-stripmyrights-firefox.jpg

    No NoScrlpt and WOT!-stripmyrights-opera.jpg

    So to use the image shown in the linked article nothing can execute in system folders.

    No NoScrlpt and WOT!-firefox-reuse-vulnerability.jpg

    Also use I EMET:

    Enhanced Mitigation Experience Toolkit (EMET)

    and VoodooShield Pro:

    VoodooShield free blocks exploits and more

    NOTE: VoodooShield Pro is a paid for program and is not really suitable for inexperienced users.

    EDIT:

    If you are worried you can scan your current extensions (.xpi file extension) by uploading to VirusTotal.

    C:\Users\Username\AppData\Roaming\Mozilla\Extensions

    No NoScrlpt and WOT!-extensions.jpg

    I have just a single unsigned extension and it scans clean.

    No NoScrlpt and WOT!-virustotal-scanner.jpg

    EDIT 2:

    That's my 20 extensions scanned. One false positive detection so no need to disable WOT.

    No NoScrlpt and WOT!-virustotal-results-ff-extensions.jpg
    Last edited by Callender; 14 Apr 2016 at 15:10. Reason: add info
      My Computer
    Quote Quote

  4. ellenc
    Posts : 147
    Windows 7 Professional
    Thread Starter
       New #3

    No NoScript cont


    Thank you ever so much for the time and effort made to provide me with this information. I'll be studying it and will no doubt follow your advise. A million thanks. ellenc
      My Computer
    Quote Quote

  6. Callender
    Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       New #4

    As a follow up - I found an article that you might like to read:

    April security sensationalism and FUD

    It explains better than I can why you should not worry about NoScript.

    As for the mentioned "embedded font exploits" I added the registry key even though I use EMET.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel

    No NoScrlpt and WOT!-mitigation-options.jpg
      My Computer
    Quote Quote

  7. ellenc
    Posts : 147
    Windows 7 Professional
    Thread Starter
       New #5

    NoScrilpt and WOT


    I greatly appreciate yiur thoughtfullness in providing this followup. ec
      My Computer
    Quote Quote

 

Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 19:27.
Find Us