Useful Firefox Security Extensions

Page Content

Share:

Mozilla’s Firefox browser claims to provide a safer browsing experience out of the box, but some of the best security features of Firefox are only available as extensions.  Here’s a roundup of some of the more useful ones I’ve found.

  • Add n’ Edit Cookies This might be more of a web developer tool, but being able to view in detail the cookies that various sites set on your visits can be an eye-opening experience.  This extension not only shows you all the details, but lets you modify them too.  You’ll be surprised at how many web apps do foolish things like saving your password in the cookie.
  • Dr. Web Anti-Virus Link Checker This is an interesting idea—scanning files for viruses before you download them. Basically, this extension adds an option to the link context menu that allows you to pass the link to the Dr. Web AV service.  I haven’t rigorously tested this or anything, but it’s an interesting concept that could be part of an effective multilayer personal security model.
  • FormFox This extension doesn’t do a whole lot, but what it does is important—showing a tooltip when you roll over a form submission button of the form action URL. Extending this further to visually differentiate submission buttons that submit to SSL URLs would be really nice (as suggested by Chris Shiflett).
  • FlashBlock Flash hasn’t been quite as popular an attack vector as Javascript, but it still potentially could be a threat, and it’s often an annoyance.  This extension disables all embedded Flash elements by default (score one for securing things by default), allowing you to click to activate a particular one if you like.  It lacks the flexibility I’d like (things like whitelists would be very handy), and doesn’t give you much (any?) info about the Flash element before you run it, but it’s still a handy tool.
  • LiveHTTPHeaders & Header Monitor LiveHTTPHeaders is an incredibly useful too for web developers, displaying all of the header traffic between the client and server.  Header Monitor is basically an add-on for LiveHTTPHeaders that displays a chosen header in Firefox’s status bar.  They’re not really specifically security tools, but they do offer a lot of info on what’s really going on when you’re browsing, and an educated user is a safer user.
  • JavaScript Option This restores some of the granularity Firefox users used to have over what Javascript can and cannot do. I’d like to see this idea taken farther (see below), but it’s handy regardless.
  • NoScript This extension is pretty smooth.  Of all the addons for Firefox covered here, this is the one to get.  NoScript is a powerful javascript execution whitelisting tool, allowing full user control over what domains allow scripts to run. Notifications of blocked execution and the allowed domain interface are nearly identical to the built-in Firefox popup blocker, so users should find it comfortable to work with.  NoScript can also block Flash, Java, and “other plugins;” forbid bookmarklets; block or allow the “ping” attribute of the tag; and attempt to rewrite links that execute javascript to go to their intended donation without triggering the script code. The one thing I’d really like to see from this extension would be more ganularity over what the Javascript engine can access.  Now it’s only “on” or “off,” but being able to disable things like cookie access would eliminate a lot of potential security issues while still letting JS power rich web app interfaces.  Also read Pascal Meunier’s take on NoScript.
  • QuickJava Places handy little buttons in the status bar that let you quickly enable or disable Java or Javascript support. Note that this will not work with the latest stable Firefox (1.5.0.1).  Hopefully a new version will be available soon.
  • ShowIP This is another tool that isn’t aimed at security per se, but offers a lot of useful information. ShowIP drops the IP address of the current site in your status bar.  Clicking on it brings up a menu of lookup options for the IP, like whois and DNS info.  You can add additional web lookups if you like, as well as passing the IP to a local program.  Handy stuff.
  • SpoofStick The idea with this extension is to make it easier to catch spoofing attempts by displaying a very large, brightly colored “You’re on ” in the toolbar. For folks who know what they’re doing this isn’t wildly useful, but it could be just the ticket for less savvy users.  It requires a bit too much setup for them, though, and in the end I think this is something the browser itself should be handling.
  • Tamper Data Much like LiveHTTPHeaders, Tamper Data is a very useful extension for web devs that lets the user view HTTP headers and POST data passed between the client and server. In addition, Tamper Data makes it easy for the user to alter the data being sent to the server, which is enormously useful for doing security testing against web apps. I also like how the data is presented in TD a bit better than LiveHTTPHeaders: it’s easier to see at a glance all of the traffic and get an overall feel of what’s going on, but you can still drill down and get as much detail as you like.

Got more Firefox security extensions?  Leave a comment and I’ll collect them in an upcoming post.

    [tags]firefox, extensions, security, privacy, safe_browsing, browser, web, flash[/tags]

Comments

under the principles of the Attention Trust a way to securely store and share your clickstream data.

http://www.attentiontrust.org/services

Posted by Jonas Goldstein on Friday, March 17, 2006 at 06:59 AM

[...] read more | digg story [...]

Posted by Not So Informed » List Of Security-related F on Friday, March 17, 2006 at 07:02 AM

Has anyone ever coded a greasemonkey script or other extension to add GPG support to Gmail?  That’d be the killer app security extension IMHO.

Posted by nate on Friday, March 17, 2006 at 07:20 AM

Personally I’d like to see an extension that allows Firefox to support ftps.  Either a 2 paned drag/drop type ftp client that supports ftps, or simply being able to put in ftps:// in the address window.

Posted by Zate on Friday, March 17, 2006 at 07:27 AM

[...] read more | digg story [...]

Posted by AlbanyWiFi.com » Blog Archive » List O on Friday, March 17, 2006 at 07:44 AM

<strong>List of Firefox security extensions…</strong>

Here’s a good selection of Firefox security extensions on the CERIAS, Purdue University  website.  Of these, NoScript  is probably the best one - this will offer you a high level of protection.
(via Sunbelt Blog )
......

Posted by The PC Doctor on Friday, March 17, 2006 at 07:48 AM

I found these 50 Best Extensions For Firefox which you might like.
http://www.quickonlinetips.com/archives/2005/12/50-best-firefox-extensions-for-power-surfing/

Posted by ravi on Friday, March 17, 2006 at 07:54 AM

You should check out MIT’s Siteadvisor. It’s an extension for Firefox that rates most of the sites on the web. It’s difficult to explain, go see for yourselves.

Posted by Jakalack on Friday, March 17, 2006 at 07:57 AM

Cookie Button is quite useful.  it allows you to manage site’s cookies with a single click. For a privacy freak like me, a must-have.
http://basic.mozdev.org/cookiebutton/

Posted by randomguy on Friday, March 17, 2006 at 08:02 AM

Good List of plugins. Blocking of Flash is quite useful.

Posted by Sandeep on Friday, March 17, 2006 at 08:55 AM

For those with real privacy concerns, both SafeCache and SafeHistory plug holes in Firefox that are used to track you around the web. http://www.safecache.com
http://www.safehistory.com

Posted by Andrew on Friday, March 17, 2006 at 09:08 AM

I made VerifyURL when SpoofStick first came out. It’s very similar, but I made it when SpoofStick had its own toolbar, which I didn’t like. It just adds a context menu item and toolbar button with the “show hostname” javascript bookmarklet that’s been around for quite a while. I decided to make it into an extension with a button when the first good Firefox UI spoof came out, and I couldn’t access the bookmarklet in my bookmarks bar because of the spoofed UI. I actually prefer the new SpoofStick, but this is handy for those who want a quick way to check the hostname, without having SpoofStick show it all the time.
http://invisibill.mozdev.org/verifyurl/

Posted by InvisiBill on Friday, March 17, 2006 at 09:28 AM

Re: Zate—“Personally I’d like to see an extension that allows Firefox to support ftps. Either a 2 paned drag/drop type ftp client that supports ftps, or simply being able to put in ftps:// in the address window.”

First off… Google is your friend, second, searching for extensions yourself before hijacking someone’s blog == good.

Thirdly
Try out FireFTP: https://addons.mozilla.org/extensions/moreinfo.php?id=684&application=firefox

Posted by Dusty on Friday, March 17, 2006 at 09:31 AM

[...] Heres a nice collection of Fire Fox extensions that will help make your browser more secure definetly worth checkin’ out! < ?php wp_sociable(‘simpy,delicious,yahoo,digg’); ?> [...]

Posted by Geek HeadQuarters » Fire Fox Security Extens on Friday, March 17, 2006 at 10:29 AM

Extending this further to visually differentiate submission buttons that submit to SSL URLs would be really nice (as suggested by Chris Shiflett).

See my greasemonkey script here:
http://www.phpdoc.info/greasemonkey/ssl-indicator.user.js

S

Posted by Sean Coates on Friday, March 17, 2006 at 10:57 AM

Just a quick correction - Flashblock does indeed support whitelists.  I’m running 1.5.1 and have a few sites whitelisted myself, but i’m pretty sure this functionality dates back a bit to previous branches.

Posted by syndromes on Friday, March 17, 2006 at 11:17 AM

Passwordmaker is an excellent password manager extension.

Posted by Nightshade on Friday, March 17, 2006 at 11:29 AM

[...] http://www.cerias.purdue.edu/weblogs/coj/secure-it-practices/post-22/ [...]

Posted by The Security Catalyst » Blog Archive » on Friday, March 17, 2006 at 11:52 AM

<strong>Navegación segura en Firefox…</strong>

Una lista con las extensiones más útiles para Firefox relativas a la seguridad en la navegación: Add n’ Edit Cookies, Dr. Web Anti-Virus Link Checker, FormFox, FlashBlock, LiveHTTPHeaders, Header Monitor, JavaScript Option, NoScript, QuickJava, Sh…

Posted by meneame.net on Friday, March 17, 2006 at 03:09 PM

[...] באתר זה תוכלו להוריד תוספי אבטחה לדפדפן Firefox [...]

Posted by הבלוג של × ×”×•× on Friday, March 17, 2006 at 03:22 PM

[...] Visit [The List at CERIAS Weblogs] [...]

Posted by Sam Ideas, Thoughts, Programming » Firefox S on Friday, March 17, 2006 at 06:10 PM

[...] read more | digg story [...]

Posted by BlackFlag Security » Blog Archive » Li on Friday, March 17, 2006 at 07:46 PM

[...] read more | digg story [...]

Posted by BlackFlag Security » Blog Archive » Li on Friday, March 17, 2006 at 08:25 PM

<strong>Firefox Security Extensions…</strong>

We all know there are hundreds of firefox extensions and more are released with every passing day. It´s a time consuming task to stay up to date, that´s when pre compiled lists of useful firefox extensions come into play. This one at cerias (The Cen…

Posted by gHacks on Friday, March 17, 2006 at 08:34 PM

Good job!

Posted by Ivan Minic on Friday, March 17, 2006 at 10:55 PM

Leave a comment

Commenting is not available in this section entry.