Multiple Vulnerabilities in Firefox Pocket and How to Remove Pocket
08-19-2015, 10:28 AM #1
JayRodney ⓐⓛⓘⓔⓝ
Posts:31,393 Threads:1,439 Joined:Feb 2011
Multiple security vulnerabilities have been found in Pocket, the third party web-based service chosen by Mozilla Firefox as the default way to save articles for later reading.

The vulnerabilities were exploitable by an attacker with only a browser.

The entry point was exploiting the service's main functionality itself — adding a server internal address in the "read it later" user list — to retrieve sensitive server information like the /etc/passwd file, its internal IP and the ssh private key needed to connect to it without a password.

With this information it would be possible to SSH into the machine from another instance purchased in the same cloud service giving the security researcher unrestricted access.

Read more: gnu.gl


I solved this relatively easily by removing the protocols it uses to call home. First of all, back up your bookmarks as a .json and use the Firefox password exporter addon to back up your passwords.

Disclaimer: I'm not responsible if you mess up your FF install, but if you follow these simple instructions, you'll be fine.

1.) Type about:config in the browser's address bar and hit the enter key.

2.) Promise that you will be careful when the prompt appears lol

3.) Search for pocket.

4.) Double-click (or right-click and use the toggle option) to make certain browser.pocket.enabled is set to false.

You are done, it's gone. Happy browsing.

Though it's not necessary from what I saw, I took it a step further and set all true values to false and deleted all web addresses and locales so the values are blank.

If you're willing to take it as far as I did, your screen should look like this...

[Image]

The term string is what you will see after removing web addresses and locales.

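The about:config change described in the first post can be verified from outside the browser, because values changed there are written to the profile's prefs.js. The following is an added example, not part of the original post: it parses prefs.js text and reports whether browser.pocket.enabled is explicitly false and which other Pocket prefs are still set. The sample file contents are constructed, and the pref names other than browser.pocket.enabled are illustrative.

```python
import re

# Matches lines such as: user_pref("browser.pocket.enabled", false);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Constructed sample of a profile's prefs.js (not from a real profile).
# Only browser.pocket.enabled is named in the post; the other names are illustrative.
SAMPLE_PREFS = """\
user_pref("browser.pocket.enabled", false);
user_pref("browser.pocket.api", "");
user_pref("browser.pocket.useLocaleList", true);
user_pref("browser.pocket.enabledLocales", "en-US de");
user_pref("browser.startup.homepage", "about:blank");
"""

def parse_prefs(text):
    """Return {name: value} for each user_pref line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw  # anything unrecognised is kept as text
    return prefs

def audit_pocket(text):
    """Return (disabled, leftovers) for the Pocket prefs found in text."""
    prefs = parse_prefs(text)
    # Step 4 of the post: the pref must be explicitly false. A missing entry
    # means it was never changed, so the browser default still applies.
    disabled = prefs.get("browser.pocket.enabled") is False
    # The optional extra step: any pocket pref still true or non-empty.
    leftovers = sorted(
        name for name, value in prefs.items()
        if "pocket" in name.lower()
        and (value is True or (isinstance(value, str) and value))
    )
    return disabled, leftovers

if __name__ == "__main__":
    ok, rest = audit_pocket(SAMPLE_PREFS)
    print("Pocket disabled:", ok, "| still set:", rest)
```

Run it against a copy of prefs.js taken while Firefox is closed, since the browser rewrites that file on exit.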
08-19-2015, 10:38 AM #2
Anonymous Kritter Incognito Anonymous
 
TY Worked as said. Sorry for bad English
08-19-2015, 10:49 AM #3
Random German Guy Incognito Anonymous
 
Worked flawlessly cheers.gif
08-19-2015, 10:53 AM #4
JayRodney ⓐⓛⓘⓔⓝ
Posts:31,393 Threads:1,439 Joined:Feb 2011
Yup, I noticed it removed the thing from even being an option.

08-19-2015, 01:33 PM #5
Anonymous Kritter Incognito Anonymous
 
worked thumbsup.gif
08-19-2015, 05:18 PM #6
Cynicalabsurdance Member
Posts:8,759 Threads:206 Joined:Feb 2011
Hi JR
how exactly did you do this >>----> deleted all web addresses and locales so the values are blank.

I tried right click on addresses , just says MODIFY

????????????/
08-19-2015, 05:27 PM #7
Cynicalabsurdance Member
Posts:8,759 Threads:206 Joined:Feb 2011
never mind

I found the delete button on my keyboard

stoopeed me
08-19-2015, 06:41 PM #8
JayRodney ⓐⓛⓘⓔⓝ
Posts:31,393 Threads:1,439 Joined:Feb 2011
chuckle.gif Yup, the delete button will do it!

08-19-2015, 08:14 PM #9
Anonymous Kritter Incognito Anonymous
 
classic theme restorer

has an option for it.

try it.
08-19-2015, 08:34 PM #10
Octo Mother Superior
Posts:43,002 Threads:1,473 Joined:Feb 2011
We have it thumbsup.gif
08-19-2015, 08:41 PM #11
Anonymous Kritter Incognito Anonymous
 
(08-19-2015, 08:34 PM)Octo Wrote:  We have it thumbsup.gif

works well with the firefox 2 theme too.

i´m so oldskool.

cheers.gif
08-19-2015, 08:42 PM #12
xp style Incognito Anonymous
 
(08-19-2015, 08:41 PM)Anonymous Kritter Wrote:  
(08-19-2015, 08:34 PM)Octo Wrote:  We have it thumbsup.gif

works well with the firefox 2 theme too.

i´m so oldskool.

cheers.gif

Firefox 2, the theme, reloaded 1.0.11
08-19-2015, 08:54 PM #13
Octo Mother Superior
Posts:43,002 Threads:1,473 Joined:Feb 2011
Looks oldskool chuckle.gif A bit like mine 13.gif

[Image]
08-20-2015, 12:00 AM #14
JayRodney ⓐⓛⓘⓔⓝ
Posts:31,393 Threads:1,439 Joined:Feb 2011
(08-19-2015, 08:41 PM)Anonymous Kritter Wrote:  
(08-19-2015, 08:34 PM)Octo Wrote:  We have it thumbsup.gif

works well with the firefox 2 theme too.

i´m so oldskool.

cheers.gif

We love that plugin and use that to get the old nav menu and bookmarks star back. We both use fxchrome as theme. Ends up looking like Safari did back when it was good.
I don't know wtf is going on with Mozilla, but removing browser functionality is not an improvement.
Chrome has passed them because Chrome looks like Firefox used to ffs.

08-20-2015, 04:52 AM #15
Cynicalabsurdance Member
Posts:8,759 Threads:206 Joined:Feb 2011
well , I was loading a disc of Windows 7 Ult . in my Toshiba ,

my friend gave me this bootlegged OS disc for Windows 7 ultimate

it got almost loaded

in red : " ERROR ! "

ARG !

I hit the power button and turned off the laptop

now I get this

Boot Manager missing

I got past that so I could reload a different disc now

but I ain't got me no disc that will pass the test

so ,,,
I'm awaiting another disc right now

and all that was wrong with the Toshiba , Start up failed
and Start up repair couldn't fix it

and this is the second laptop that suffered that " Start Up " problem

both running windows 7

fuckers , my Windows XP never fucks up

pissed I am again at Windows 7

and I ain't even gonna talk about windows screwed up 8

so here I sit at a Starbucks waiting on a Disc delivery from people
I barely know

who want MONEY for me to use the Disc for freakin' windows stooopeed seven again

this time , I'm keeping the disc

I loaned mine

and it's now moved away with the person who borrowed it

that fucker


