Jump to content
🎅🎄 Signup today to get free TorrentLeech or ProAudioTorrents Invite! Get access to premium trackers, free seedboxes by signing up. Buy, Trade, Sell Or Find Free Invites for HDBits, PTP, Empornium, PrivateHD, Sinderella, etc 🎅🎄 ×

Firefox WebExtensions may be used to identify you on the Internet - Piracy News and Crypto Updates - InviteHawk - Your Only Source for Free Tracker Invites

Buy, Sell, Trade or Find Free Torrent Invites for Private Torrent Trackers Such As redacted, blutopia, losslessclub, femdomcult, filelist, Chdbits, Uhdbits, empornium, iptorrents, hdbits, gazellegames, animebytes, privatehd, myspleen, torrentleech, morethantv, bibliotik, alpharatio, blady, passthepopcorn, brokenstones, pornbay, cgpeers, cinemageddon, broadcasthenet, learnbits, torrentseeds, beyondhd, cinemaz, u2.dmhy, Karagarga, PTerclub, Nyaa.si, Polishtracker etc.

Sponsored Seedbox | VPN
Request Free IPTV Trial

Firefox WebExtensions may be used to identify you on the Internet

HARDY

By HARDY ,
in Piracy News and Crypto Updates

 Share

Recommended Posts

HARDY Invite King

HARDY

All modern web browsers leak extension information to sites if the sites run scripts to pull the information. We talked about the findings of a research term that published its findings recently in a paper.

Unless scripts are blocked, sites may run scripts that check the response time of the browser as it is different when checks are made for fake extensions and fake resources, and existing extensions and fake resources.

Firefox's situation is special, as it supports the legacy add-on system and the new WebExtensions system. The researcher tested the browser's legacy add-on system only, but suggested that Firefox's new system would also be vulnerable.

An anonymous reader pointed out that Firefox's WebExtensions system uses random IDs, and that this meant that the method to enumerate extensions would not work in that case (unlike in Chrome and other Chromium based browsers).

While that is correct, Mozilla's implementation introduces a new issue that allows sites to identify users if WebExtensions expose content to sites as the random IDs are permanent.

"... in particular, they [Mozilla] changed the initial scheme (moz-extension://[extID]/[path]) to moz-extension://[random-UUID]/[path]. Unfortunately, while this change makes indeed more difficult to enumerate user extensions, it introduces a far more dangerous problem. In fact, the random-UUID token can now be used to precisely fingerprint users if it is leaked by an extensions. A website can retrieve this UUID and use it to uniquely identify the user, as once it is generated the random ID never changes. We reported this design-related bug to Firefox developers as well."

If a site manages to get hold of the ID, it may track the Firefox installation as that ID never changes.

This is not just theoretical either; Earthling, one of the maintainers of the Ghacks Firefox user.js file, has created a proof of concept that highlights a leak in Firefox's native Screenshot tool.

While this particular example requires that users click on the screenshot button in the Firefox interface to make the unique ID available to the site, other extensions may expose content without user interaction.

https://cdn.ghacks.net/wp-content/up...andom-uuid.jpg

Apple's Safari uses a random UUID system as well, and the researchers discovered that they could enumerate about 40% of all extensions as its implementation is flawed.

If the WebExtension exposes content to sites because they have implementation flaws, sites may fingerprint users based on the unique ID that gets exposed in the process.

Closing Words

Mozilla needs to rework the implementation to protect users of the browser from this. Even if you don't use WebExtensions at all, you may be vulnerable to this as Firefox ships with several system add-ons that may expose the ID to sites.

Link to comment
Share on other sites
The last post in this topic was made more than 14 days ago. Only post in this topic if you have something valuable to add. Irrelevant posts are not allowed and you will be warned/banned for spamming old topics.

Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Customer Reviews

    lazytime77
    Wow! This is my first time buying an invite from J.Stash (and on InviteHawk) and I am very happy with the results. This is 100% the real deal. I'll keep coming back for more. Thank you so much for putting this site up. This place is a gem!
    GlitterBow6
    An excellent experience from start to finish! J.Stash was very knowledgeable and responsive throughout the entire process. What's more, J.Stash was highly professional and courteous, always taking time to answer any questions that I had. I greatly recommend this seller and would definitely purchase from J.Stash again!!
    goon64
    J.Stash has my full recommendation. It's rare to work with a seller who possesses and demonstrates not just integrity and quick delivery, but Ethan also went above and beyond when there were issues with the product (not his fault at all). Thank you J.Stash.
    insomniac
    Purchased an invite from J.Stash, the seller was very professional and fast with their turn around times. The price was amazing and the whole site is absolutely amazing. will definitely purchase more from him. I have been searching for an invite for this website for many months and J.Stash solved my request faster than lightning.
    ChocoPie
    Bought Crunchyroll Premium upgrade from J.Stash It works, my account is now premium and I have access to all the shows! Thanks a lot J.Stash for having this wonderful service among many other amazing services in your portfolio! Highly recommend purchasing from J.Stash! This is one of the many successful orders he has processed for me!
    ChocoPie
    Registered an account on InviteHawk and placed an order for 6 different trackers with J.Stash Got all of them delivered in less than 60 mins! How does he do it? 🙂 He is brilliantly fast! Absolutely love his service and communication efforts! Thanks J.Stash! You rock 🙂 This has been by far the best experience I have ever had buying invites for private trackers.
    capri28790
    Everything went just perfect. He makes me a very good impression both as person and as professional seller. Glad I found this site and met him virtually here. I wish I could spread the word about, but since this is not quit a good idea, I just want to share with other users here my best appreciations regarding J.Stash. Highly recommended: good communication, safe shop, fast delivery.
    BUTTHEADBILL
    Purchased a Spotify upgrade through him and used bitcoin and found the entire experience to be great. I am a total newbie to this site. And I wasn't sure what to expect. I am so amazed at how fast this was handled and how great everything went.
    renascor
    In all my years of finding affordable services throughout the web, I have found no provider more responsive, more committed to excellent customer service, or more accountable to keeping to the terms of the services being obtained. When something stops working, the issues are addressed ASAP. When any questions arrive, they are responded to promptly. When situations arrive post service rendered even months down the road, J.Stash has your back to help navigate through them. Highly recommended.
    flipsie
    Bought a VIP access to the forum and got exactly what I wanted+more within reasonable time! Second time buying from J.Stash and my experience was exceptional, like last time. Would definitely buy from him again in there near future.

  • Similar Topics

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept