No NoScript and WOT!

ellenc

I received an email report yesterday that really shocked me: It seems that the most popular/widely used Firefox addons pose a security vulnerability: NoScript (!!), WOT and others. As far as I can interpret, each Firefox extension is a separate "entity," not part of a single extension architecture, and is therefore vulnerable. I immediately disabled the above. But NoScript?? Oh, no! Here I was thinking how secure this critical extension is, but according to the report, it turns out that there is a false sense of security, like the revelation of PayPal's "security." ellenc (P.S. My computer and I feel naked without NoScript.)
 

My Computer
Computer Manufacturer/Model Number
Dell Inspiron 546
OS
Windows 7 Professional
CPU
2.70gigahertz AMD Athlon 7750 Dual-Core
Motherboard
Dell, Inc. 0F896N A02
Memory
3328 Megabytes Usable Installed Memory
Graphics Card(s)
ATI Radcon HD 3200 Graphics
Monitor(s) Displays
Dell E1709W 17,2" monitor
Hard Drives
309.54G usable hard drive capacity
161.25G hard drive free space
Seagate FreeAgent Go 500G external drive
Seagate FreeAgent Go 160G external drive
Maxtor One Touch 250G external drive
Have a read through this: Firefox Cross-Extension vulnerability discovered - gHacks Tech News

It seems to advise the same as responders to your post on another forum. (There's no need to worry unless you installed a malicious add on in addition to WOT or NoScript)

It should not be possible to install a malicious addon unless you have over-ridden add on signing requirements.

My personal choices:

I run browsers under StripMyRights so that, even if compromised, files cannot execute or be written to in system folders.

So, to use the image shown in the linked article, nothing can execute in system folders.

Also I use EMET:

Enhanced Mitigation Experience Toolkit (EMET)

and VoodooShield Pro:

http://www.sevenforums.com/system-security/354233-voodooshield-free-blocks-exploits-more.html

NOTE: VoodooShield Pro is a paid-for program and is not really suitable for inexperienced users.

EDIT:

If you are worried you can scan your current extensions (.xpi file extension) by uploading to VirusTotal.

C:\Users\Username\AppData\Roaming\Mozilla\Extensions


I have just a single unsigned extension and it scans clean.


EDIT 2:

That's my 20 extensions scanned. One false positive detection so no need to disable WOT.


My Computer
Computer type
Laptop
Computer Manufacturer/Model Number
ASUS
OS
Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
AMD C-60 APU with Radeon(tm) HD Graphics
Motherboard
ASUSTeK COMPUTER INC. X501U
Memory
4.00 GB
Graphics Card(s)
AMD Radeon HD 6290 Graphics
Sound Card
(1) AMD High Definition Audio Device (2) Realtek High Defi
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
Hitachi HTS545050A7E380 SATA Disk Device
Antivirus
Comodo CIS & FW, SecureAplus App Whitelisting, Threatfire
Browser
Cyberfox 64bit, Opera 64bit, Airfox
Other Info
Spy-The-Spy, HitmanPro.Alert, Norton Connect Safe, MJRegWatcher, BitDefender TrafficLight, Voodoo Shield, Zemana AntiMalware
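
The extension check described in the post above, as an added example that is not part of the original thread: it computes the SHA-256 of each .xpi so the hash can be searched on VirusTotal, and flags archives that carry no signature file under META-INF/. The file names `mozilla.rsa` and `zigbert.rsa` are assumptions, the presence of such a file does not prove the signature is valid, and the sample add-ons are constructed.

```python
import hashlib
import io
import zipfile
from pathlib import Path

# Signature files a signed XPI is assumed to carry under META-INF/
# (mozilla.rsa for Mozilla-signed add-ons, zigbert.rsa for older signing).
SIGNATURE_FILES = {"meta-inf/mozilla.rsa", "meta-inf/zigbert.rsa"}


def inspect_xpi(path):
    """Return the SHA-256 and signature-file presence for one .xpi file."""
    data = Path(path).read_bytes()
    report = {"file": Path(path).name,
              "sha256": hashlib.sha256(data).hexdigest(),
              "valid_zip": False, "has_signature_file": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as xpi:
            names = {n.lower() for n in xpi.namelist()}
    except zipfile.BadZipFile:
        return report  # not a readable archive: review it by hand
    report["valid_zip"] = True
    report["has_signature_file"] = bool(names & SIGNATURE_FILES)
    return report


def audit_extensions(root):
    """Inspect every .xpi found under root, sorted by path."""
    return [inspect_xpi(p) for p in sorted(Path(root).rglob("*.xpi"))]


def build_sample(root):
    """Write constructed sample add-ons (not real extensions) for the demo."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(root / "signed.xpi", "w") as z:
        z.writestr("install.rdf", "<RDF/>")
        z.writestr("META-INF/mozilla.rsa", b"constructed placeholder")
    with zipfile.ZipFile(root / "unsigned.xpi", "w") as z:
        z.writestr("install.rdf", "<RDF/>")
    (root / "broken.xpi").write_bytes(b"not a zip archive")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for r in audit_extensions(tmp):
            flag = "signature file present" if r["has_signature_file"] else "NO signature file"
            print(r["sha256"], r["file"], flag)
```

To check a real installation, call `audit_extensions()` on the extensions folder instead of the temporary sample directory.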
No NoScript cont

Thank you ever so much for the time and effort made to provide me with this information. I'll be studying it and will no doubt follow your advice. A million thanks. ellenc
 

As a follow up - I found an article that you might like to read:

April security sensationalism and FUD

It explains better than I can why you should not worry about NoScript.

As for the mentioned "embedded font exploits" I added the registry key even though I use EMET.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel

NoScript and WOT

I greatly appreciate your thoughtfulness in providing this followup. ec
 
