Filed under: Internet, Security, Mozilla
Why Firefox makes you wait 3 seconds before installing extensions
Have you ever wondered why Firefox makes you wait three seconds before you can click on the Install button when you want to install an extension? Most users (self included) assume that it's just to make users read the dialog. It turns out that's not the case--Jesse Ruderman explains that it's actually a security feature to keep people from unwittingly installing malicious code. He describes an ingenious exploit in which a user is presented, for example, a security (CAPTCHA) image to type in. JavaScript is used to initiate an extension installation when the user starts typing, and when the user types 'y' or enter, it triggers the 'Accept' or 'Install' button, allowing the malicious software to be installed. Since many users type faster than they could respond to the box popping up, the software is installed before they can react. (If you're confused, head over to Ruderman's blog, he explains it better than I can.) The delay in Firefox gives the user time to react and stop typing. Mozilla describes the solution in bug 162020, but the same vulnerability exists in other browsers, most notably Internet Explorer and its ilk.
So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do.
Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game.
The mechanics of the game are very simple. You are a small red square, ...
Reader Comments (Page 1 of 1)
John Bartkowicz said 4:29PM on 8-28-2006
........oooohhhhhhhhhhhhh.......
Reply