Security Tips For Firefox Users

[El Guru (Al)]

Jesse Ruderman, a contributor for Firefox security topics, released an article providing security tips for a Firefox users.  His recommendations include:

• Set Firefox to automatically install updates.
• Keep plugins such as Flash, QuickTime, Adobe Reader and Shockwave up to date.
• Only download and install software (including extensions) from trustworthy sources.
• Double check the location bar to ensure you are where you are supposed to be. Specially when you are at sites where sensitive data is exchanged like financial sites.
• Use anti-virus software.

The full article provides more details on these recommendations as well as tips for avoiding phising and ID theft.

Source: Mozilla Links

[Ryan Wagner]

The option that reads "Only download and install software (including extensions) from trustworthy sources."

Does this mean that Mozilla tests all extensions that they post on their addons page? That would be a lot of work to make sure none of the extensions do anything unknowingly.

[El Guru (Al)]

In my blog entry Security Tips For Firefox Users^*, I discuss in more details about the dangers of browser chrome spoofing and how to protect yourself.

^*Blog entry may be not be available until after 1:30 AM CST on 12/23/06 due to site maintenance 

[El Guru (Al)]

The option that reads "Only download and install software (including extensions) from trustworthy sources."

Does this mean that Mozilla tests all extensions that they post on their addons page? That would be a lot of work to make sure none of the extensions do anything unknowingly.

Very good point, I've wondered that myself.  While I have not seen anything "set in stone" I would venture to say the answer is yes.  I noticed when Fx2 was first released to the public that there were several days delays from when the developer "posted" the update to when it appeared on the Firefox add-ons page.  But this also opens a can of worms as extensions such as Nightly Tester Tools, ChromEdit Plus and Spellbound-II are not on the main Firefox Add-ons page.  How does one know these are trustworthy?

[Ryan Wagner]

Why can't all people just be good in the world then we wouldn't have to worry about malicious code or extensions.

[El Guru (Al)]

That would be a nice Utopia. 

[JohnM]

The option that reads "Only download and install software (including extensions) from trustworthy sources."

Does this mean that Mozilla tests all extensions that they post on their addons page? That would be a lot of work to make sure none of the extensions do anything unknowingly.

Mozilla reviews them to make sure the extensions install correctly and generally do what they say, but they don't check the code or anything like that. It takes several days for them to be approved sometimes because they only have so many reviewers and there are lots of new/updated extensions.

[Ryan Wagner]

I wonder if I could become a reviewer? I assume that they are just volunteers but that would be pretty cool.