Filed under: Internet, Security, Mozilla

Why Firefox makes you wait 3 seconds before installing extensions

Have you ever wondered why Firefox makes you wait three seconds before you can click the Install button when you want to install an extension? Most users (self included) assume that it's just to make users read the dialog. It turns out that's not the case: Jesse Ruderman explains that it's actually a security feature to keep people from unwittingly installing malicious code. He describes an ingenious exploit in which a user is presented with, for example, a security (CAPTCHA) image to type in. JavaScript is used to initiate an extension installation when the user starts typing, and when the user types 'y' or Enter, the keystroke triggers the 'Accept' or 'Install' button, allowing the malicious software to be installed. Since many users type faster than they could respond to the box popping up, the software is installed before they can react. (If you're confused, head over to Ruderman's blog; he explains it better than I can.) The delay in Firefox gives the user time to react and stop typing. Mozilla describes the solution in bug 162020, but the same vulnerability exists in other browsers, most notably Internet Explorer and its ilk.
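
The timing argument above, as an added example (not code from Firefox, Mozilla, or Ruderman's post): a small JavaScript model of a confirmation dialog that ignores accept keys until it has been on screen for a set delay. The class, the 150 ms typing interval, and the restart-on-focus behaviour are assumptions made for illustration.

```javascript
// Added example: model of a confirm dialog whose accept action stays inert
// until the dialog has been visible and focused for `delayMs`.
class DelayedConfirmDialog {
  constructor(delayMs) {
    this.delayMs = delayMs;
    this.armedAt = null; // time (ms) at which the accept action becomes live
    this.result = null;  // null | "accepted" | "cancelled"
  }
  // Dialog appears: start the countdown.
  show(now) { this.armedAt = now + this.delayMs; }
  // Regaining focus restarts the countdown (assumption of this model).
  focus(now) { if (this.result === null) this.show(now); }
  // While unfocused, no key can activate anything.
  blur() { this.armedAt = null; }
  // Returns true only if the key changed the dialog's state.
  key(k, now) {
    if (this.result !== null || this.armedAt === null) return false;
    if (k === "Escape") { this.result = "cancelled"; return true; } // cancel is never delayed
    if (k !== "Enter" && k !== "y") return false; // not an accept key
    if (now < this.armedAt) return false;         // too early: swallow the key
    this.result = "accepted";
    return true;
  }
}

// Constructed scenario: the user is typing a CAPTCHA answer, one key every
// `gapMs`, and the install dialog takes focus at `promptAt` ms, mid-word.
function simulateTyping(delayMs, promptAt = 200,
                        keys = ["s", "k", "y", "4", "2", "Enter"], gapMs = 150) {
  const dialog = new DelayedConfirmDialog(delayMs);
  let shown = false;
  keys.forEach((k, i) => {
    const now = i * gapMs;
    if (!shown && now >= promptAt) { dialog.show(promptAt); shown = true; }
    if (shown) dialog.key(k, now); // keystrokes now land on the dialog
  });
  return dialog.result;
}

console.log("no delay:", simulateTyping(0));      // stray 'y' accepts
console.log("3 s delay:", simulateTyping(3000));  // nothing accepted
```

With no delay, the 'y' typed 100 ms after the dialog opens is taken as consent; with the three-second delay every in-flight keystroke is swallowed and the dialog is still waiting when the user notices it.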
