[LINK] Firefox security issue
stephen at netweb.com.au
Sat Nov 3 07:32:52 AEDT 2007
A bit more on Firefox/Google commercial links for Link!
[snip] (More details and explanation in the full article)
First, a few highlights of the Firefox-Google relationship.
Fact: $56 million of the $66 million that Mozilla made in 2006 came from Google. The vast majority of this was due to the fact that Google is the default search engine for queries entered into the Firefox search bar.
While Apple also gets a nice chunk of change from Google for the search bar in its Safari browser, Apple has enough other sources of revenue that it can easily walk away from Google's cash.
Fact: Users who enter keywords or misspelled URLs into the Firefox 2.0 location bar will essentially be running a Google "I'm Feeling Lucky" search. That is, they will be taken to the first result for a Google search query for those terms.
Fact: In addition to the Google cash flowing to Mozilla, a number of Google engineers spend significant amounts of time working on Firefox. This includes Ben Goodger, the former lead developer, and still a major contributor for the browser. Yes, other companies pay developers to work on Firefox, but none throw as many overall corporate resources at the browser.
Fact: Two key features of the Google Toolbar for Firefox were rolled into the Firefox 2.0 browser and are turned on by default: Google Browse By Name and Google Safe Browsing for Firefox (now the Phishing Protection feature in Firefox 2.0). These two features, while useful, are more than just the application of a useful patch. They result in millions of Firefox browsers regularly polling Google servers for core information.
Fact: The Google Anti-Phishing relationship will be expanded in Firefox 3.0. While Google currently is the default provider of a blacklist of known phishing sites to the browser, this will be enhanced to include a blacklist of sites that serve up malicious software.
Fact: Google pays AdSense publishers (Web site owners) $1 for each new user who installs Firefox + Google Toolbar as a result of a referral link from one of their pages.
From: link-bounces at anumail0.anu.edu.au [mailto:link-bounces at anumail0.anu.edu.au] On Behalf Of David Lochrin
Sent: Wednesday, 31 October 2007 5:41 PM
To: Danny Yee; Rick Welykochy
Subject: Re: [LINK] Firefox security issue
On Wednesday 31 October 2007 15:37, Danny Yee wrote:
> This may not be Firefox updating itself, but rather updating
> one of the installed Extensions/Add-ons.
That's a possibility, but I'd expect (hope?) that disabling updates disabled all updates since the option is not otherwise qualified.
I blocked dyna-addons.nslb.sj.mozilla.com (220.127.116.11) but then caught it connecting to kc-in-f91.google.com (18.104.22.168).
Typing "about:config" in the Firefox URL field brings up a very long list of configuration variables, far more than show in the normal "preferences" menus. Scrolling through them reveals quite a few hard-coded URLs, many of which involve Google, and this may have something to do with Google now being a major sponsor of Firefox and/or Mozilla - see the browser.safebrowsing.provider.* section for example.
These config variables can be edited, but maybe a simpler browser with fewer commercial ties is the answer - anyone for Konqueror ? (:-)
Link mailing list
Link at mailman.anu.edu.au
More information about the Link