User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041031 Firefox/1.0RC2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041031 Firefox/1.0RC2 There's an application, called Atelier Web Firewall Tester, that uses several methods to bypass your firewall. You can find it here: http://www.firewallleaktester.com/leaktest7.htm It comes with 6 tests to try to bypass the firewall: some, starting off with test Two, use the default browser to send data under someone's nose, without them even knowing. Since Firefox is my default browser, it's able to use Firefox. It sends a packet through firefox.exe (it shows up in my firewall log), and it retrieves the data without the screen ever having to even flicker. The only way someone knows the data was sent out is either by looking at the test results (which once again are confirmed by my firewall log). Yes, I realize this is to test firewalls, but this also has to do with the browser. The fact that Firefox can be used to send and receive data without the end-user ever knowing about it can prove to be a critical security risk. Here's what I think should be done: If an external application attempts to use Firefox, the user should be made aware of it by Firefox itself; and given the option to allow the data to go through, or to refuse it (not by any kind of firewall (which wouldn't be able to detect it most likely anyways)). If the user refuses the data to be sent, then Firefox should do nothing at all. Else, allow the data to go through, obviously. That test is just showing how a browser can be hijacked, and someone could no nothing about it at all, and this can be a security problem, so the user needs to be made aware of an external application using Firefox, and be given a choice as to what should happen with the data. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Invalid. Firefox is a web browser, not an operating system. If you want your applications to be protected from each other, you'll have to find an operating system (not a personal firewall or set of applications) that provides that protection.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.