Questions tagged [plugins]

35 questions
70 votes, 8 answers

Why use HTTPS Everywhere when we have HSTS supported browsers?

I know that the browser's default protocol to access any site is http:// when https:// is explicitly not mentioned, but even then if we browse to a website say www.facebook.com, the response header from the Facebook servers would have HSTS mentioned…
GypsyCosmonaut
40 votes, 3 answers

Is Ghostery safe to use?

I've heard about Ghostery, a browser extension/plugin that blocks web trackers. But according to this link it sells our data. Are add-ons and plugins open source in Firefox? Is there another alternative to Ghostery?
Vesal75
24 votes, 2 answers

Why do Chrome extensions need access to 'all my data' and 'browsing activity'?

Often I install simple add-ons for Google Chrome. However, they almost all need what appears to me as excessive access to my data. For instance, I install an extension that allows me to click on any part of a page and it gives me the color of the…
user5672
18 votes, 3 answers

What security risks does Firefox 19's built-in PDF reader (pdf.js) bring?

Firefox 19 ships with pdf.js as the default PDF reader. One of the main stated goals is to reduce the exposure of users to the often vulnerable Adobe PDF reader/plugin. So what new risks does pdf.js bring? An attacker that can get a user to browse…
Michael
16 votes, 3 answers

How secure is "Firefox Hello"?

The new "Firefox Hello" feature promises easy and safe video conversation. It is not necessary to create an account, you simply share a link with your partner to start the conversation. The communication is promised to be "private and secure" on…
dervonnebenaan
14 votes, 3 answers

How trustful are KeePass plugins?

KeePass is great, I love it but after several years using it, sometimes I wish to install a plugin but I don't because I'm scared of what this plugin can really do without my consent. The documentation about plugin development is really short. I…
Jérôme MEVEL
12 votes, 1 answer

Virus attached or included in VST(i) Plugin

VST Plugins are DLL files available to be put into a folder in the Music Tool which then can use this as a plugin. Does VST have a mechanism not to execute malicious code inside the dll file? Can I safely install them without anti-virus?
Daniel W.
8 votes, 2 answers

Will disabling the Java add-on in IE protect you from Java exploits?

Concerning the recent Java vulnerability (Should I be disabling Java?), the most common advice seems to be to disable Java plug-ins in the browser. However, Heise Security suggests that, when it comes to Internet Explorer, this might not be…
Heinzi
7 votes, 2 answers

Are inactive vulnerable Wordpress plugins still unsafe?

When you install a plugin in WordPress you can choose to activate or deactivate it. Let's say you have a plugin of which the latest version is vulnerable to XSS for example and you're waiting for a security fix to be released. Should I disable or…
6 votes, 1 answer

Detecting disabled Chrome plugins using JavaScript

My cable was on the fritz this weekend and I had to visit a friend to watch HBO online. Something weird happened that has been bothering me. I have disabled the Flash plugin on Chrome, since all websites that I use support HTML5 video playback.…
Jedi
4 votes, 2 answers

security and the well constructed Qt plugin

"All you'd have to do is build a plugin and you could completely pwn the software." I'm building an application using plugins. I think all you have to do is build a plugin and copy it into the correct directory and my main program would happily run…
Jay
4 votes, 4 answers

Is silverlight and Java running on the web browser capable of saving "state" into the user's local machines?

I am aware that even after we have cleared our cache and cookies, websites can still save files/information into our computer using Flash (Flash ever cookies). I was wondering, do other plugins like Silverlight and Java have this…
Pacerier
4 votes, 1 answer

Metasploit. Is always replacing domain names with resolved ips on RHOST/RHOSTS?

There is a website which I want to audit. That site must have a concrete Virtualhost configuration because if you access it using the domain name the website is shown, but if you use the IP address the website is not shown. If I launch an…
OscarAkaElvis
3 votes, 2 answers

Can Tamper Data (the plugin) modify multipart requests?

I'm doing some testing on my web app with Tamper Data. I've had success with Tamper Data in the past for normal HTTP post requests, but in this particular case I want to modify a post request that has the content-type set to…
Mark E. Haase
2 votes, 1 answer

Open source alternatives to tamper data

I'm developing a browser (Firefox) plug-in which essentially checks for malicious input. My current approach is to store all input fields sent in GET/POST requests, try to heuristically determine potential attack vectors and drop requests in case…
Sebi