• Please review our updated Terms and Rules here

Firefox Internet Security Issue

It depends on how the ad blocker works. Some blockers just never load the ad content, others load the content but hide it from the user. AdNauseam will even "click" on the ad.

It's a game of cat and mouse though. Sites and advertisers figure out how to detect blockers, blockers figure out how to avoid detection, and the cycle repeats...
 
I just remembered that there is a browser extension that I can't remember the name of, that not just blocks ads but also actually loads the ads in an invisible way, and also simulates clicking on every ad and also invisibly loads the target page. This of course costs a lot of performance of your computer/browser, but it also causes harm to the advertising companies as they see that they placed an ad somewhere that results in traffic to their site that didn't lead to any sales or whatnot. Will of course not work if the ad is for a single page campaign site of sorts, but I think that is rare.
 
Quagmire said:
I have W7 installed as a gamer only on one box and it looks to me as it would be a real hassle to use as a daily driver these days. I'd have to find a better way.
Click to expand...

Here too. I've threw away Windows on daily driver recently.
The W7 computer is contemporary, I rebuilt my old PC, everything bar GPU which is a bottom end model from mid 10s (to be small and passive).
When I transfer files via samba, I get sustained 120 MB/s. It baffles me, regardless of age, that computer as fast as this can be obsolete.
 
I've got about 2 dozen windows 7 machines, and I'm beginning the rollout of R3dfox 148.0 to them all. No hurry of course, as Firefox is still mostly working.
 
I just received an update from Firefox for the ESR version. I thought they were done supporting this release at the end of February but here comes another update. New version is R115.34.0 (32 bit).
Still doesn't fix the issues with Home Depot, etc.
 
Even though I spent over 20 years in IT on the mainframe, nearly all this PC stuff goes over my head. So forgive my ignorance on this subject but I have a basic question.

Exactly what types of security holes are opened up when using an older browser and OS? While I can no longer get to homedepot.com and lowes.com with Firefox, I can get there with an old version of Chrome, which hasn't had a security update in forever. What risk am I running if I actually do a user signon to one of these sites via Chrome?

Thanks...Joe
 
You'd have to dig into the known CVE list and see what version of Firefox fixed what CVEs.

www.mozilla.org

Security Advisories for Firefox

www.mozilla.org www.mozilla.org

But these are only *known* vulnerabilities. There are going to be plenty of vulnerabilities in even the latest versions of any browser that may take years or even decades to find, or never be found at all. Threat actors love collecting these to use to their own advantage, or sell them on to someone that does. When these types of vulnerabilities pop up and are being exploited, they're usually called "zero days" since they are/have been exploited in the wild since the wider public has been made aware of them.

If you're using an archaic version of Windows and a web browser, it's akin to walking around the red light district and sampling whatever and hope you don't get anything. And hoping nothing reaches out and touches you, because there are probably millions of scanners out on the open internet constantly reaching out and touching systems to look for vulnerabilities they can exploit and turn machines into zombies for botnets or other nefarious activity.
 
Grandcheapskate said:
Exactly what types of security holes are opened up when using an older browser and OS?
Click to expand...
A malicious web site might install a data stealer into your web browser. Steals your account information for homedepot.com and/or lowes.com, injects itself into any orders, does all the fun things one does with stolen identities and credit card information. Might also install a little utility to mine crypto currencies into your system or turn it into part of a botnet, to be used to spread viruses or run denial of service attacks for extortion elsewhere. Or try to extort you.

An insecure machine can easily become part of the problem, even for secure machines, and you'd never know. Unless it starts mining, your CPU fan start screaming and your power bill goes up - but you'd be surprised how many people wouldn't notice that, either. A benign case just causes the system to crash constantly, like in the good old days of early Windows XP without any firewalls.

Web browsers are operating systems in their own right, but the applications they run are not under your control.
 
That's great and all, but it is possible to escape the virtualized environment through CPU and driver bugs. It's why the accelerated video driver for Windows XP was removed from Virtualbox.
 
rittwage said:
As more sites begin to require TLS 1.3 and stop supported TLS 1.2, Windows 7 will stop being able to reach those sites, right?
Click to expand...
was going to say this too. there's a tls patch for it tho, we had to use it at work briefly as we ran into the same problem but around the time 7 was ending support. ill see if we still have a copy of it and i'll upload it tomorrow if i have time
 
I read somewhere that Firefox extended it's support for W7 until August 2026. I could find nothing about this on the Mozilla site, but I am sill receiving (security) updates. Can anyone confirm this extension? Thanks.
 
Yes, current version 115.36.0 esr.

And windows 7 can use TLS 1.3 perfectly fine. Even Firefox 52.9 on XP can use it, if it's enabled.
 
Robbbert said:
Yes, current version 115.36.0 esr.

And windows 7 can use TLS 1.3 perfectly fine. Even Firefox 52.9 on XP can use it, if it's enabled.
Click to expand...
I don't believe Windows 7 supports TLS 1.3 natively.

Firefox uses it's own SSL engine, so some form of it may work by using Firefox, but the underlying OS will not.
 
Let's see if @austin86 can provide the patch, presumably a .reg file, and then we can see what it does.

I know with XP and Vista the support for TLS 1.1 and 1.2 was there but disabled, you had to remove an entry from each section. I don't know if that was for the entire OS or just for IE8.
 
GiGaBiTe said:
If you're using an archaic version of Windows and a web browser, it's akin to walking around the red light district and sampling whatever and hope you don't get anything. And hoping nothing reaches out and touches you, because there are probably millions of scanners out on the open internet constantly reaching out and touching systems to look for vulnerabilities they can exploit and turn machines into zombies for botnets or other nefarious activity.
Click to expand...

Wait but reaching is impossible due to NAT. Unless you allow the router to be configured by OS via upnp which I think is bollocks.

Assuming there is a browser that runs on Windows 2000 and can open vcfed, exactly what should happen if you just pop in the cable to the router, get a lease, fire up that browser and use the forum?

A user-generated content site is always risky because it has to parse and regulate the user content well not to allow environment where posted content is an exploitation vector for someone's browser. Id say in the case of vulnerable browsers the secure design of visited website is paramount.
 
You must log in or register to reply here.
Back
Top