MacInTouch Amazon link...

web browser security

Why does Firefox always set Google cookies, no matter how I set privacy or use a cookie blocker? Are these cookies worrisome?
Worrisome? I don't really know you well enough to give you a specific answer.

Obviously Google's main source of revenue is obtained by tracking your online activities and selling that information to clients who want to sell their wares to those that seem most interested in what they have to offer. If, for some reason, you object to that, then I guess you should worry; otherwise, it might help eliminate ads for things you have absolutely no interest in.
 


Ric Ford

MacInTouch
Update now:

Security vulnerabilities fixed in Firefox 67.0.3 and Firefox ESR 60.7.1

Announced​
June 18, 2019​
Impact​
Critical​
Products​
Firefox, Firefox ESR​
Fixed in
Firefox 67.0.3
Firefox ESR 60.7.1
CVE-2019-11707: Type confusion in Array.pop​

Reporter
Samuel Groß of Google Project Zero, Coinbase Security​
Description
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.​
 


After configuring a system reinstall, I proceeded to download a couple of our usual assortment of browsers, including Firefox, and other apps. I was surprised to find that Firefox's default setting was set to open downloaded files, instead of offering an option to open, or save the file (at least in the case of the dmg file from Videolan: VLC Media Player, from their official web site).
 


The Washington Post has an interesting (and potentially frightening) article about browser extensions:
I found your data. It’s for sale.

I’ve watched you check in for a flight and seen your doctor refilling a prescription.

I’ve peeked inside corporate networks at reports on faulty rockets. If I wanted, I could’ve even opened a tax return you only shared with your accountant.

I found your data because it’s for sale online. Even more terrifying: It’s happening because of software you probably installed yourself...
While there was no specific inclusion of Safari, that doesn't mean it can't be affected. As many of us use Chrome or FireFox, it is something to be aware of.
 


The Washington Post has an interesting (and potentially frightening) article about browser extensions:
While there was no specific inclusion of Safari, that doesn't mean it can't be affected. As many of us use Chrome or FireFox, it is something to be aware of.
A couple of years ago, I saw an article on Howtogeek discussing the basic caveat that browser extensions garner very broad permissions vis a vis the "... need to interact with web pages (and) will almost always require the “Read and change all your data on the websites you visit”.

With the exception of a couple of Google apps, like Sheets and Google Docs, the only "extension" I use is the DishAnywhere extension to watch my Dish account broadcasts online, but from its own separate user account on the Mac. (My 2 cents.)
 


A couple of years ago, I saw an article on Howtogeek discussing the basic caveat that browser extensions garner very broad permissions
I have a low-end NUC that I use to experiment with Linux distributions installed to SATA SSDs as the boot drives.

Last night I installed the Ubuntu GNOME-based Pop!_OS from System 76. I'm pleasantly surprised with the distro and how System 76 has modified GNOME, but I wanted to watch a YouTube tutorial and was met with the message from YouTube that HD video replay requires Chrome. (Thank you, Google. In a better world, the anti-trust guys would shut that down, since Firefox is HTML 5 compliant.)

Having seen that before, the solution to Google's perfidious behavior is an extension by James Fray that appears in my Firefox Add-Ons list as "Auto High Quality for YouTube." But that's not how it is listed when searching the Firefox extensions "store." There, it's YouTube in HD (720p, 1080p, 1440p, 2160p) and what's important about it is the only permission it requests is: access your data for www. youtube. com.

Since I was on a computer with a brand new Linux install, and my main system was not on, I searched the Firefox extension "store" for "YouTube HD." Not surprisingly, first on the list is an extension appropriately named "YouTube HD", which seeks the following permission: access your data for all websites.

While I'd rather not need an extension to get around Google's attack on Firefox, I think there's a big difference between letting an extension I'm using on YouTube access YouTube vs. letting the other one from an unknown developer access my data for all websites.

EFF's "Privacy Badger" and uBlock Origin, keystones of browser privacy and security, both require the "data for all website" permissions, and the way browsers work, apparently need that to do what they do.

Clearly, the permission structure is broken.

And Mozilla needs to police its "Extension Store," as do other companies offering extensions and add-ons.
 


I have a new problem that has me stumped.

My wife's computer, as of this morning, won't show Google in the search engine bar. It is now set to Facebook. When I went into Preferences to change it, all search engines except Facebook are missing.

I reinstalled a fresh copy of Firefox, but nothing has changed.

I cannot find where on the Mac these are stored. I have checked User Library, and Mac Library pretty extensively, and nothing is obvious.

Nor can I google any info. All that comes up is how to switch to Google, in Preferences.

There is an easy way to load unusual engines, from Mozilla, but Google is not an option.

Help!
 


Ric Ford

MacInTouch
My wife's computer, as of this morning, won't show Google in the search engine bar. It is now set to Facebook. When I went into Preferences to change it, all search engines except Facebook are missing.
I really don't know what's going on there, but the first thing I'd do, personally, would be to run Malwarebytes for Mac.

(I'd also want to segregate backups from the computer and do a new backup on a different, spare drive, then install any pending Apple software updates, and do at least one reboot.)
 


My wife's computer, as of this morning, won't show Google in the search engine bar. It is now set to Facebook. When I went into Preferences to change it, all search engines except Facebook are missing. I reinstalled a fresh copy of Firefox, but nothing has changed. I cannot find where on the Mac these are stored. I have checked User Library, and Mac Library pretty extensively, and nothing is obvious. Nor can I google any info. All that comes up is how to switch to Google, in Preferences. There is an easy way to load unusual engines, from Mozilla, but Google is not an option. Help!
Firefox stores settings in ~/Library/Application Support/Firefox/Profiles/some-random-string.some-name, but it looks like maybe the search settings are in a semi-proprietary compressed file, "search.json.mozlz4" I recall that these files are a headache to open.

Try creating a new profile and see if the same problem occurs:

P.S. Take a look at:
 


Firefox stores settings in ~/Library/Application Support/Firefox/Profiles/some-random-string.some-name, but it looks like maybe the search settings are in a semi-proprietary compressed file, "search.json.mozlz4" I recall that these files are a headache to open.

Try creating a new profile and see if the same problem occurs:

P.S. Take a look at:
Thanks! This gives me something to dig into.

Ric, thanks. Malware is a good idea. I just sorta figured, if there was something out there switching users to Facebook, it'd be reported.
 



Ric Ford

MacInTouch
Here's a warning from Ars Technica about an active scam targeting Firefox users:
Dan Goodin said:
Actively exploited bug in fully updated Firefox is sending users into a tizzy
Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked.

... The attack works on both Windows and Mac versions of the open source browser. The only way to close the window to is to force-close the entire browser using either the Windows task manager or the Force Close function in macOS.
 




Ric Ford

MacInTouch
All kinds of plug-ins can create big security problems. Here's an update on some culled from the Mozilla Firefox collection:
ZDNet said:
Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks | ZDNet
Over the past two weeks, Mozilla's add-on review team has banned 197 Firefox add-ons that were caught executing malicious code, stealing user data, or using obfuscation to hide their source code.

The add-ons have been banned and removed from the Mozilla Add-on (AMO) portal to prevent new installs, but they've also been disabled in the browsers of the users who already installed them.

The bulk of the ban was levied on 129 add-ons developed by 2Ring, a provider of B2B software. The ban was enforced because the add-ons were downloading and executing code from a remote server.
 


Ric Ford

MacInTouch
Anti-virus vendor Avast has been collecting users' browsing histories and selling that personal information....
Vice said:
Leaked Documents Expose the Secretive Market for Your Web Browsing Data
An antivirus program used by hundreds of millions of people around the world is selling highly sensitive web browsing data to many of the world's biggest companies, a joint investigation by Motherboard and PCMag has found. Our report relies on leaked user data, contracts, and other company documents that show the sale of this data is both highly sensitive and is in many cases supposed to remain confidential between the company selling the data and the clients purchasing it.

The documents, from a subsidiary of the antivirus giant Avast called Jumpshot, shine new light on the secretive sale and supply chain of peoples' internet browsing histories. They show that the Avast antivirus program installed on a person's computer collects data, and that Jumpshot repackages it into various different products that are then sold to many of the largest companies in the world. Some past, present, and potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Home Depot, Condé Nast, Intuit, and many others. Some clients paid millions of dollars for products that include a so-called "All Clicks Feed," which can track user behavior, clicks, and movement across websites in highly precise detail.
 



I used Avast's own uninstaller. It left behind:
/Library/StagedExtensions/Applications/Avast.app/Contents/Backend/drivers/​
which contains two directories,
AvastFileShield.kext​
AvastPacketForwarder.kext​

They don't kextunload and they don't rm -rf safe mode or no. Any suggestions on getting rid of them would be much appreciated.
 


I used Avast's own uninstaller. It left behind:
/Library/StagedExtensions/Applications/Avast.app/Contents/Backend/drivers/​
Normally, extensions in that directory won't load until you approve their installation and they are copied to /Library/Extensions, so I doubt that they are doing anything except taking up room on your drive. I suspect you will see several other such extensions left behind by the system which you won't be able to remove, either – something we've all experienced recently, even if not noticed.

This Terminal Command will tell you what non-Apple .kexts are actually loaded:
Code:
kextstat | grep -v com.apple
 


I used Avast's own uninstaller. It left behind:
/Library/StagedExtensions/Applications/Avast.app/Contents/Backend/drivers/​
which contains two directories,
AvastFileShield.kext​
AvastPacketForwarder.kext​

They don't kextunload and they don't rm -rf safe mode or no. Any suggestions on getting rid of them would be much appreciated.
You can get rid of items in the Staged Extensions folder by rebooting into recovery mode (Command-R), Open Terminal and enter csrutil disable then enter reboot.

After rebooting you can simply move the unwanted Staged Extensions to the trash.

Reboot again into recovery mode, open Terminal and type csrutil enable then enter reboot

Done!
 


Normally, extensions in that directory won't load until you approve their installation and they are copied to /Library/Extensions, so I doubt that they are doing anything except taking up room on your drive. I suspect you will see several other such extensions left behind by the system which you won't be able to remove, either – something we've all experienced recently, even if not noticed.
This Terminal Command will tell you what non-Apple .kexts are actually loaded:
Code:
kextstat | grep -v com.apple
Surprisingly (to me, at least), kextstat says I only have two non-Apple kexts running, LittleSnitch and Soundflower. However, I have 21 kexts in Staged Extensions, dating back as far as 2012. So, I presume these can be safely deleted?
 



Normally, extensions in that directory won't load until you approve their installation and they are copied to /Library/Extensions, so I doubt that they are doing anything except taking up room on your drive. I suspect you will see several other such extensions left behind by the system which you won't be able to remove, either – something we've all experienced recently, even if not noticed.
This Terminal Command will tell you what non-Apple .kexts are actually loaded:
Code:
kextstat | grep -v com.apple
And if you use this command:
Code:
sudo kextcache --clear-staging
you can delete all of StagedExtensions without having to disable SIP, according to the folks at StackOverflow. It worked for me; however, ahem... I discovered afterwards that I had forgotten to restore SIP last time I disabled it. My only excuse is I find myself having to disable SIP with frustrating frequency. Anyway, StackOverflow says it doesn't care about SIP, and the kextcache man page seems to agree.
 




Raj

You can get rid of items in the Staged Extensions folder by rebooting into recovery mode (Command-R), Open Terminal and enter csrutil disable then enter reboot.
After rebooting you can simply move the unwanted Staged Extensions to the trash.
Reboot again into recovery mode, open Terminal and type csrutil enable then enter reboot
Done!
If you go back about a month in this discussion, you'll see that I had to do the exact same thing. This is a terrible "uninstaller". What are these companies thinking? I would never install an Avast product on anyone's Mac again, as a result of this -- so much negative feedback for their software, especially selling personal information, as Ric noted above.
 


They are permanently gone here, but maybe because I did, in fact, have SIP disabled, and had forgotten.
It gets worse. When I finally got around to restoring SIP, when I rebooted the contents of StagedExtensions had been restored.

I verified this. Verifying SIP was enabled, I ran the sudo "kextcache --clear-staging." I verified StagedExtensions was again empty. Booted into Recovery, disabled SIP, rebooted, verified StagedExtensions was still empty. Booted into Recovery, enabled SIP, rebooted, and the contents of StagedExtensions were restored.

If you sudo rm the contents while SIP is disabled, re-enabling SIP has the same result. The contents are restored.
 


The following article has some good information on the current state of security features found in Firefox. If anything, it is a good reminder to walk through your settings to make sure all the appropriate flags have been set, and have not been switched on or off by some recent update.
The Verge said:
How to use Firefox’s tools to protect your privacy while browsing
Firefox provides a number of tools to help protect you against tracking by first-party cookies (which are usually used for things like remembering your login information) and third-party tracking cookies (which are often used by advertisers and others to collect information and track your online behavior). Below are step-by-step instructions on how to adjust the settings to maximize protection against cookies or eliminate them altogether. We also look at how Firefox is dealing with fingerprinting, which tracks you by aggregating small details about your system configuration and creating an identifiable “fingerprint.”

Keep in mind that any privacy issues that Firefox doesn’t handle may be fixable by using extensions and apps.
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts