Alas, doing that would be detectable from the webpage. So from my perspective, its a no-go.
- Blair On 12/5/09 10:12 AM, Heather wrote: > > Here is an interesting idea from someone on Get Satisfaction for one > way this feature could be implemented. > > http://getsatisfaction.com/mozilla/topics/command_subscription_page_feature_to_warn_users_to_install_ubiquity > > > On May 8, 4:46 pm, Blair McBride<[email protected]> wrote: >> Great info and links - thanks! >> >> I think this is an important topic that needs to be considered when >> adding code that somehow touches content-space. Thankfully, there have >> been some really smart people looking into this already, so Ubiquity >> (and other addons) can learn from previous mistakes and research. >> >> It also shows that while these type of information leaks are getting >> fixed on the Firefox platform (eg, chrome:// URLs are no longer >> accessable unless whitelisted), its often up to extension authors to do >> things sensibly and with forethought. >> >> Whether or not this type of leak can be used malliciously or not is >> beside the point - if its not explicitly wanted (and expected) by the >> user, then its a security bug that needs fixing. >> >> - Blair >> >> On 8/5/09 4:30 PM, esquifit wrote: >> >>> There was some talk about this topic some time ago, see the links >>> below. I don't know how vulnerable Firefox is these days. The same >>> question arose repeatedly in the context of the Greasemonkey extension. >>> The GM developers eventually implemented some protection measures that >>> (I think) are now somehow handled by Firefox itself. Anthony >>> Lieuallen's Karma Blocker extension [1] was also very helpful against >>> this vulnerability. >> >>> [1]https://addons.mozilla.org/en-US/firefox/addon/5230 >> >>> There were essentially two approaches: >>> 1) When a message bar is displayed as a result of a script being >>> installed/discovered, the page can detect the vertical displacement >>> caused by the bar. For example a page could include the<link> tag >>> pointing to some (possible non existent) ubiuity script and check for >>> the vertical shift caused by the Ubiquity bar prompting for installation. >>> 2) Including a extension's chrome:// image resource from the web page. >>> Depending on whether the extension was installed or not, the included >>> image would have length 0 or greater than 0 and would thus affect the >>> width of some other element in the page. This could be measured by >>> javascript code. I think newer versions of Firefox disallow inclusion of >>> chrome:// images from web content. >> >>> Here some interesting links: >> >>> Detecting FireFox Extentions ha.ckers.org<http://ha.ckers.org> web >>> application security lab >>> http://ha.ckers.org/blog/20060823/detecting-firefox-extentions/ >> >>> Jeremiah Grossman: I know what you've got (Firefox Extensions) >>> http://jeremiahgrossman.blogspot.com/2006/08/i-know-what-youve-got-fi... >> >>> Greasemonkey Detect >>> http://wearehugh.com/public/2006/07/detect-greasemonkey.html >> >>> Greasemonkey Detectable? - greasemonkey-users | Grups de Google >>> http://groups.google.com/group/greasemonkey-users/browse_thread/threa... >>> <http://groups.google.com/group/greasemonkey-users/browse_thread/threa...> >> >>> On Sat, May 9, 2009 at 1:05 AM, Blair McBride<[email protected] >>> <mailto:[email protected]>> wrote: >> >>> This would be a security bug if it were possible - it should never be >>> possible for web content to detect which extensions a user is running. >> >>> - Blair >> >>> On 4/5/09 1:42 PM, Alphawolf wrote: >> >>> > Hey there, >> >>> > is it possible to check with javascript if Ubiquity is installed >>> in a >>> > user's Firefox? I'd like to display some install instructions to >>> those >>> > only who have it installed already. >> >>> > Regards, >>> > Oliver > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "ubiquity-firefox" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ubiquity-firefox?hl=en -~----------~----~----~----~------~----~------~--~---
