Fx should make it obvious to users that it is protecting them from ActiveX-based spyware




Safe Browsing
11 years ago
4 years ago


(Reporter: Jason Spiro, Unassigned)


Firefox Tracking Flags

(Not tracked)




11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20060909 Firefox/
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20060909 Firefox/

Every time you visit a website which would have loaded a rogue ActiveX control, Firefox should increment an internal counter. The contents of this counter should be shown in the Help > About dialog box:

"Firefox prevented 3 pieces of malware from infecting your computer today. Thank you for using Firefox - the safer browser."

Reproducible: Always
This would require that we be able to understand ActiveX and implement some sort of heuristic for determining whether a control is "rogue" or not. All for something that doesn't provide any real benefit and increases the browser's attack surface.
This sounds like a niche for an extension to fill to me.
Last Resolved: 11 years ago
Resolution: --- → WONTFIX
Version: unspecified → 1.5.0.x Branch

Comment 2

11 years ago
Why would we need to be able to understand ActiveX? Certain controls are known-bad controls. I bet the authors of anti-spyware IE plugins could provide us with a list. I assume we would then just have scan the first 3-4 KB of each page to see if the URLs of any of these controls were mentioned.

And this feature would provide a benefit to our users. Many of our users use multiple PCs. By proving that Firefox is safer, this feature would encourage them to install it on all their PCs. So, it would keep our users more spyware-free. Plus, it would also encourage our users to spread the word of Firefox, which would help users' friends keep their PCs spyware-free. This would make our users happy.
Component: General → English US
Product: Firefox → Tech Evangelism
Resolution: WONTFIX → ---
Version: 1.5.0.x Branch → unspecified
Assignee: nobody → english-us
QA Contact: general → english-us

Comment 3

11 years ago
Why is this in TE? This has nothing to do with evangelising sites not to use ActiveX or anything else that TE covers. This is an RFE for the Firefox product. Moving it over there.
Assignee: english-us → nobody
Component: English US → Phishing Protection
Product: Tech Evangelism → Firefox
QA Contact: english-us → phishing.protection
I agree w/rflint, this is extension-fodder. Keeping track of this would just slow pageload down so we could brag a little? Bad karma.
Last Resolved: 11 years ago9 years ago
Resolution: --- → WONTFIX


4 years ago
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.