I’m using Firefox 66.0.3 on Ubuntu, and like everyone else I’m experiencing the certificate bug which causes addons to be disabled. However, in one of my user accounts, the addons still work like a charm. I only have one Firefox, from the official repos. Should I assume that my installation is compromised somehow?
Ive used Firefox for years, but in a recient update, Firefox Quantum, disabled all of my Firefox addons. The addon page in Firefox shows a link to a Firefox help page that states the reason. “Only extensions built using WebExtensions APIs will work. .” At the bottom of the page it gives a work around. Set;
xpinstall.signatures.required to false in
about:config. I was able to reinstall one addon, Video DownloadHelper, but the rest I try to reinstall gives me a message in a red box,
Download failed. Please check your connection. Is there something else I can do before I try a different browser?
Dell Optiplex 7040, Ubuntu 18.1, Firefox 66.0.3 (64-bit)
you deleted my post.
Sorry, I didn’t mean to tell the truth it’s so hard to deal with and I guess you know it was the truth by how quickly you deleted it.
[GET][NULLED] – Premium Addons PRO for Elementor v1.5.2
[GET][NULLED] – Premium Addons PRO for Elementor v1.5.1
[GET][NULLED] – Piotnet Addons For Elementor Pro v4.6.0
[GET][NULLED] – Premium Addons PRO for Elementor v1.4.9
HTML5 has a DRM framework Encrypted Media Extensions (EME), that allows DRM companies to create content decryption modules (CDM) to decrypt DRM protected content. Browsers should use a sandbox to run the CDM, so that security holes that allow access to the computer are not as dangerous as it was when Flash was used for DRM. Furthermore it is a plugin concept, that allows more companies to provide modules for different forms of DRM, so that competition is enabled.
But when there is a standardized API for modules and the modules themself run in a sandbox (and thus have limited ability to modify the system to protect themself), how can they protect the output stream? The site sends encrypted data, that goes into the CDM, and then the CDM plays a video using a standard API inside the browser. How does the CDM avoid, that I patch the API to dump the stream to the disk instead of playing the video?
For example the widevine CDM provided by Google seems to link against ffmpeg. What would happen, when somebody starts grabbing the data that goes into the decoder in the ffmpeg library? Then the attacker could store the video stream (probably some MP4 format). Another option would be to grab the output of the decoder and save raw video data.
How does the CDM protect its output?
I am aware, that Netflix in Full HD does not use this mechanism, but relies on a trusted media path, thus requiring Windows 10 (I guess booted with secure boot), a recent Intel processor and a HDCP capable monitor, so the trust chain is never broken. But most other DRM video uses EME with one of the common CDMs.
So previously I asked a question about what type of private data can addons extract from my browser :
Can a malicious add-on access internet history and such in Chrome/Firefox?
and it turns out if they simply have a permission to read content of the page I’m visiting which most of them have, then they can simply send it to their server and basically record my history this way (since addons dont need permission to access internet and send data)
now my question is, do popular Internet security programs like Kaspersky and their addons detect this type of malicious activity and stop it?
if not, what should I do? because even if an addon is well known I cant still be sure that its not doing something malicious after their latest update, and I don’t have the knowledge to check if they are malicious or not. and I cant simply stop using addons since I need most of them! (but I wont install newly made add-ons with no reputation)
so what is the solution here? how can I make sure that no malicious activity is taking place by firefox/chrome addons, is there any good Internet-security/Anti-Virus/addon that does that?
also do chrome and firefox check addons to make sure they are not malicious before putting them in their websites or not? if so, then how likely is it that they miss a malicious addon?