My Firefox Security Profile

Martin Brinkmann
May 28, 2008
Updated • Apr 10, 2012

I explained in the article Working With Several Firefox Profiles how I'm using several Firefox profiles for certain tasks like normal surfing, testing and visiting secure websites. I'm using one profile to visit my bank's website and any other secure site related to finance and personal information. That approach makes sure that I cannot land on a site that is using a browser exploit to grab the data from those sites. It's basically whitelist surfing.

I only visit those x sites and no others using that profile. Several users asked me in the original article to list the security add-ons that I'm using in that profile, and I finally found the time to list them here. Please don't be disappointed when you see the low number of plugins that I'm using; each additional plugin increases the risk of a security vulnerability and I like to minimize that possibility as much as possible.

The main add-on that I'm using for the whitelist approach is NoScript, which allows me to define exactly which websites are allowed to execute scripts. Since I'm only visiting the same x websites, I make sure that they have the permissions they need to work properly. Every other website is blacklisted, so to speak.

NoScript takes care of scripts on webpages but ignores cookies. I'm using the same whitelist approach to manage the cookies. CS Lite is the add-on that I'm using for that purpose. Cookies are only enabled on the sites in my whitelist and disabled for every other website.

Those two are sufficient to get rid of most of the dangers that lurk on the Internet. I visit those websites manually all the time which gets rid of most phishing attempts or altered bookmarks. Passwords are never saved for obvious reasons.

I used several additional add-ons in the past to increase the security even further. Those were View Dependencies and Show IP, but I decided to reduce the number of add-ons to decrease the chance that one of them poses a security risk. I can still manually check a website if I suspect it to be a forgery. (Using Opera)




  1. sarah said on January 25, 2009 at 3:10 am

    Please, someone tell me how to cancel Firefox… Please email me where to find the option to cancel because I can't get any videos while I have it installed.

  2. darkkosmos said on May 29, 2008 at 6:28 pm

    @Martin I don’t have Silverlight, Java will ask for confirmation, PDF is taken care of by nod32 and I don’t have QuickTime (anymore) :)

    But I got NoScript back after I got attacked by rickrolls XD

  3. Martin said on May 29, 2008 at 2:18 pm
  4. Digitarius said on May 29, 2008 at 2:03 pm

    Not a bad setup. I always have Adblock Plus, Flashblock, CS Lite, and NoScript going, a HOSTS file that has a huge blacklist, and OpenDNS.

    That cuts down the risk by a lot, but it doesn’t really comp for friendly sites being compromised, like when the Dept of Homeland Security’s site was pushing malicious JavaScript. The multiple profiles is a great idea, but seems a little hard to use since you have to shut down your normal browsing.

    If you want to be paranoid, run a Virtual Machine in VMware Player. Totally free, and they have “appliances” geared toward exactly this. Browse in the (Linux based, so fairly light) VM and never save its state… doubt you’ll run into problems that way.

  5. Martin said on May 28, 2008 at 8:45 pm

    Well, how about Java then, or Microsoft Silverlight, Adobe PDF, Apple QuickTime or any other plugin installed?

  6. darkkosmos said on May 28, 2008 at 8:42 pm

    Well, phishing doesn’t need JavaScript and I’ve already got Flashblock. Thank you for your help :D

  7. Martin said on May 28, 2008 at 8:39 pm

    Well a Firewall does not protect against all the attacks that can be started from a website. Take phishing for instance, or vulnerabilities in Flash.

  8. darkkosmos said on May 28, 2008 at 8:04 pm

    Please explain further :)

  9. Martin said on May 28, 2008 at 6:51 pm


  10. darkkosmos said on May 28, 2008 at 5:49 pm

    If I have a firewall like nod32 (latest version) together with CS Lite, do I still need NoScript?
