Firefox 7 on FreeBSD 8.2

[ronaldlees]

I have historically been lax about disabling the plugins that come with browser installations, even though I know they are exploit targets. My brand new FreeBSD 8.2 installation was one that I soon embellished with Firefox 7 and (of course) the PF firewall. Well, the default plugins for Firefox seem innocuous enough (The DivXA, Quicktime, VLC Multimedia, and the Win Media Player compatible plugin). Firefox 7 has the new (very nice) capability to run plugins in separate processes. This capability is what alerted me to the deluge of connections being made out of the browser via the plugins (browser out-flow traffic goes through my pf rule-set, of course). Occasionally, the plugin-container processes in the connection list were double or triple the base process connections. I was visiting sites that (I think) were not providing content for the listed plugins (Google, FreeBSD.org, NPR.org, etc.) I should note that I was doing this in a WIFI cafe (hacker heaven). Does Firefox have some hidden plugin, was I being hacked, or do these plugins handle mime types that I don't know about? I disabled all of the plugins in Tools:Addons, set ipc_plugins_enabled to false, along with various other plugin related switches in about:config. Now I never see the plugin container as a connection, and my content still displays fine. Am I unduly alarmed?

 

[SirDice]

Most, if not all, exploits for Firefox will be based on Windows. They simply will not work on FreeBSD. So, there's really nothing to fear.

That said, if someone created a FreeBSD specific exploit, you'd be up the proverbial creek.

I do suggest updating your ports tree. Firefox is currently at 9.0.1.

 

[drhowarddrfine]

Nowadays, significant traffic is created via javascript to communicate with the server in real time. Disable javascript to see if your traffic decreases. Google, in particular, is a heavy user of this which goes by the acronym AJAX.

 

[ronaldlees]

Crackers

Thanks for your comment about the java-script, but I'm still not understanding all of the traffic going out of those plugins. The pages I'm visiting shouldn't contain very much in the way of movie content, etc. I'm not using a flash plugin of any type. Guess I'll have to record some tcpdump data with Wireshark. That's something that makes me feel uncomfortably like a cracker when I'm sitting in an internet cafe, but it's probably the only way I'll figure out why the plugins are pushing all of that traffic. In the meantime, I'll keep all the plugins disabled. Maybe that should be the default in the configuration? Guess it depends upon what my packet captures tell me ...

 

[wblock@]

It doesn't need to be plugins generating all that traffic. Install NoScript and scripts that run will be under your control. Also, you'll see how many the average web page uses to do all sorts of things that are usually not for the user's benefit.