On TV.com: TOP 10 Shows CANCELED Too Soon

BNET Business Network:: BNET; TechRepublic; ZDNet

Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

July 9th, 2007

Securing Firefox: How to avoid hacker attacks on Mozilla's browser

Posted by Ryan Naraine @ 12:21 pm

Categories: Apple, Botnets, Browsers, Data theft, Exploit code, Firefox, Google, Hackers, Metasploit, Microsoft, Mozilla, Open source, Passwords, Patch Watch, Pen testing, Privacy, Responsible disclosure, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Security, Hacker Attack, Mozilla Firefox, CERT Coordination Center, Microsoft Internet Explorer, Web Browser, Ryan Naraine

Security problems with Microsoft’s dominant Internet Explorer browser helped pave the way for Mozilla Firefox to emerge as a perfect alternative for Web surfers.

However, Firefox users should be aware that hackers can exploit software flaws and design features to launch drive-by attacks.

The following configuration changes, recommended by CERT/CC, can disable various features and set up the browser to run in a secure state, limiting the damage from malware attacks.

Click here to see our extended gallery with tips/tricks to configure Firefox to run securely.

For more on browser security, see this CERT/CC document.

ALSO SEE:

* How to run Internet Explorer securely.

* How to run Apple Safari browser securely.

[UPDATE: July 10,2007 @ 9:25 AM] As a few readers have pointed out, these CERT/CC recommendations came from an older version of Firefox. On newer versions, the display screens will vary slightly but the advice/recommendations still apply. I was aware of this and spoke to Will Dorman of CERT/CC before this posting. He is updating the document to reflect the latest browser versions but, as noted before, these tips still apply, even on fully updated browsers.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Talkback
Most Recent of 23 Talkback(s)

Thread View
Flat View

Unfortunately, not all of those options are avaiable: Unfortunately, not all of those options are available in the newest versions of Firefox. The dialogs are very different now, with features being added, deleted, and moved.... (Read the rest); Posted by: CobraA1 Posted on: 07/10/07 You are currently: a Guest | Log in | Terms of Use

Apparently it's by dropping the "H" from "HTTP"? ejhonda | 07/09/07

How to secure Firefox, IE and Safari to avoid hacker attacks... Scrat | 07/09/07

Perfect Alternative? Not on this planet (nt) No_Ax_to_Grind | 07/09/07

Only the gullible fell for the "It's more secure" line. ye | 07/09/07

Well... zkiwi | 07/09/07

Yep tonymcs@... | 07/09/07

Hmmm.... zkiwi | 07/09/07

Never had a problem with IE. ye | 07/10/07

Same here voska | 07/10/07

Gullible or just understand English? frgough | 07/10/07

Yes, gullible. OSS browsers were sold to the gullible as... ye | 07/10/07

This chart looks out of date, what about NoScript? Narr vi | 07/09/07

Version? jhhicks@... | 07/10/07

Found the same thing (NT) voska | 07/10/07

Alternatives D. T. Schmitz | 07/09/07

Alternatives, Take 2 D. T. Schmitz | 07/09/07

Did anyone read the reccomendations? kokuryu | 07/10/07

Too Funny ccrashh2@... | 07/10/07

CERT/CC ccrashh2@... | 07/10/07

CERT/CC Ryan Naraine

| 07/10/07

Unfortunately, not all of those options are avaiable CobraA1 | 07/10/07

Security wasn't really the issue with me voska | 07/10/07

Example uses OLD Firefox 1.5 dialogs! bugmenot2 | 07/10/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
Email Security and Archiving - Clearer in the Cloud Google The time is NOW for businesses and organizations of all sizes to implement ... Download Now
VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now

Recent Entries

Blogs From Our Sponsors

Top Rated

Facebook password-reset spam is Bredolab botnet attack+46 votes
Thousands of web sites compromised, redirect to scareware+43 votes
Microsoft confirms 'detailed' Windows 7 exploit+43 votes
Firefox hit by multiple drive-by download flaws+41 votes
Which antivirus is best at removing malware?+39 votes
iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
Mac OS X mega patch covers 58 security vulnerabilities+26 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
The True Costs of Virtual Server Solutions VMware In an economic environment that is repeatedly heralding the message "do ... Download Now
Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now

Popular Sanity Saver Videos

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More