Closed
Bug 966733
Opened 10 years ago
Closed 5 years ago
Do not allow external software to modify the default search engine
Categories
(Firefox :: Search, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: marco, Unassigned)
References
Details
Attachments
(1 file)
119.22 KB,
image/jpeg
|
Details |
I think this is a pretty important problem, because other browsers are not affected. There is some software that modifies the Firefox's default search engine without asking the user (and the user is unable to restore it to its pristine value, because the software keeps modifying it). We should either ask the user if they really want to change default search engine or disallow external software to change it.
Comment 1•10 years ago
|
||
(In reply to Marco Castelluccio [:marco] from comment #0) > I think this is a pretty important problem, because other browsers are not > affected. Which specific problem are you referring to? Chrome searches get hijacked too, in various ways. > There is some software that modifies the Firefox's default search engine > without asking the user (and the user is unable to restore it to its > pristine value, because the software keeps modifying it). > > We should either ask the user if they really want to change default search > engine or disallow external software to change it. We can't really win a war against privileged software/malware with system admin privileges. That's a reality we need to take into account when designing solutions. It would probably help to focus on specific cases. Do you know of specific kinds of software/malware that cause this problem?
Reporter | ||
Comment 2•10 years ago
|
||
I was helping to fix an infected computer, Firefox search engine was reset by a software called qov6, Chrome was unaffected (there was a dialog explaining that an attempt to change the default search engine had been blocked). So I thought we could do better. Maybe with a blocklist? Or if you have a Firefox Account we could avoid hijacks by checking if the local default search engine is the same as the default search engine stored on the sync servers.
Reporter | ||
Comment 3•9 years ago
|
||
> Which specific problem are you referring to? Chrome searches get hijacked too, in various ways.
Another example: the AVG antivirus changes the default Firefox search engine on update (or maybe it was about:home, I don't recall), but it doesn't do the same with Chrome or IE.
Reporter | ||
Comment 4•8 years ago
|
||
Another example, Edge was unaffected. Can we blocklist these websites? I know we can't win a war against privileged malware, but as with addon signing even simple measures could be effective.
Comment 5•5 years ago
|
||
We currently have various mechanisms in place that help us prevent hijacking and other malicious activity/unexpected changes. If you know of any specific active/current attacks we'd certainly be interested in hearing about them.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•