Filed under: Internet, Security, Mozilla
Why Firefox makes you wait 3 seconds before installing extensions
Have you ever wondered why Firefox makes you wait three seconds before you can click on the Install button when you want to install an extension? Most users (self included) assume that it's just to make users read the dialog. It turns out that's not the case--Jesse Ruderman explains that it's actually a security feature to keep people from unwittingly installing malicious code. He describes an ingenious exploit in which a user is presented, for example, a security (CAPTCHA) image to type in. JavaScript is used to initiate an extension installation when the user starts typing, and when the user types 'y' or enter, it triggers the 'Accept' or 'Install' button, allowing the malicious software to be installed. Since many users type faster than they could respond to the box popping up, the software is installed before they can react. (If you're confused, head over to Ruderman's blog, he explains it better than I can.) The delay in Firefox gives the user time to react and stop typing. Mozilla describes the solution in bug 162020, but the same vulnerability exists in other browsers, most notably Internet Explorer and its ilk.
Get a WordPress.com Blog
With Halloween fast approaching, it's a great time to get in some practice defending your territory against zombies. In Graveyard Shift, you take aim at zombies and other creepy-crawlies, blasting them into splatters of cartoony green guts. It's a casual first-person shooter, and it's very easy to get the hang of - use the mouse to aim, click to fire. Graveyard Shift has at least 15 levels, and it might even have some secret stages I haven't unlocked yet.
They key to getting good at Graveyard Shift is learning to use ...
Reader Comments (Page 1 of 1)
John Bartkowicz said 4:29PM on 8-28-2006
........oooohhhhhhhhhhhhh.......
Reply