A malicious Firefox extension called FirestarterFox is being installed by some of the latest malware variants. This extension hijacks all search requests through Google, Yahoo and Microsoft Live search and redirects them through the Russian site thebestwebsearch.net. This is done with the intention of showing ads on the search results page which presumably make money for the creator of this piece of malware.
Luckily the extension can’t be silently installed since Firefox alerts users to all new extensions. So if you ever start Firefox and get the message that a new extension called FirestarterFox has been installed you will immediately know that you have malware on your system and should take steps to remove it or reformat your system.
Firefox 3 was recently released. For those of you using this browser, check out this link to get tips on some features you can take advantage of in this new version of Firefox:
Firefox 3 Beta is an amazing program – I run it as my default browser and it works great. One thing you may be missing from the beta is the mouse gestures add-in, which is not compatible with Firefox 3 off the shelf. This little hack lets you install the mouse gestures add-on in Firefox 3 so that you can enjoy the beta with the full mouse gestures support available in Firefox 2.
- Download https://addons.mozilla.org/en-US/firefox/downloads/file/60/all-in-one_gestures0.18.0-fx.xpi and save it in a convenient folder on your hard drive.
- Rename the downloaded file so that it has a .zip extension
- Open the file in your favorite zip file manager (e.g. WinZip or WinRar)
- Extract the file install.rdf from the archive and open it in a text editor
- Change the line
<em:maxVersion>4.0.0.*</em:maxVersion> and save the file.
- Drag and drop your modified install.rdf file into the archive window that you have open to insert the updated file into the zip archive
- Rename the zip file back to all-in-one_gestures0.18.0-fx.xpi
- Drag and drop the file all-in-one_gestures0.18.0-fx.xpi onto a Firefox 3 browser window and complete the instalation
A new version of Firefox was released today, following the reports of several critical bugs that could allow remote code execution by clicking an URL. If you have automatic updating enabled in Firefox (it’s on by default) it should automatically update itself.
Release notes: http://en-us.www.mozilla.com/en-US/firefox/126.96.36.199/releasenotes/
Vulnerability details from Secunia: http://secunia.com/advisories/26201/