(wiki.mozilla.org)

288 points fernandotakai | 1 comments | 11 Aug 15 03:51 UTC | HN request time: 0.001s | source

Show context

hobarrera ◴[11 Aug 15 14:15 UTC] No.10041187[source]▶

>>10038999 (OP) #

> [...] plugins don't need to be signed.

So the worst kind of threat is still there. Great job, Mozilla!

replies(2): >>10041250 #>>10041442 #

MacsHeadroom ◴[11 Aug 15 14:48 UTC] No.10041442[source]▶

>>10041187 #

That's because plugins are going to need to be white-listed (modifiable via about:config). The win64 (beta) edition of Firefox only allows the Flash Player Plugin, for example.

replies(1): >>10042147 #

1. nightpool ◴[11 Aug 15 16:12 UTC] No.10042147[source]▶

>>10041442 #

isn't this still vulnerable to the attack reported up-thread where whatever malware just goes and changed about:config before installing their plugin? (and the reason that the addon opt-out is being removed from ff42)

↑

Firefox 42 will not allow unsigned extensions