- This topic has 18 replies, 5 voices, and was last updated Dec 16-8:19 am by Xunzi_23.
-
Posts
-
PPC
I think this was not posted here before:
If you are lucky enough to have a 64bits computer, with antiX 21/22 with enough resources to run Firefox Web browser in a decent way, then you may be interested in trying out LibreWolf – it’s to Firefox what Ungoogled Chromium is to Chrome – it’s Firefox with all the telemetry and other strange little unneeded extras ripped out. As far as I know it’s for 64bits only.
( You can download it’s Appimage here: https://librewolf.net/installation/linux/ You probably can run it in any 64bits antiX version. Download it, make it executable using your File Manager- you only have to do that once, for each Appimage- then click on the file and run it)EDIT: It seems antiX 21/22 repositories already include LibreWolf (so you can install the version that is available there using Synaptic, or the terminal)
If you are using antiX 21/22 (or probably any future version), you can add LibreWolf’s repository and install it from there- that way, it’s easy to always have that browser up to date. the instructions are here: https://librewolf.net/installation/debian/
Copy all the instructions inside the blueish box and thenantiX menu > Terminal> right click the mouse> select paste > Press the Enter key > enter your password, if asked to > wait for the install process to finish…
…and enjoy a slightly more private and faster Web browsing experience (also using a bit less system resources).
P.
- This topic was modified 4 months, 3 weeks ago by PPC.
- This topic was modified 4 months, 3 weeks ago by PPC.
- This topic was modified 4 months, 3 weeks ago by PPC.
andyprough
the instructions are here: https://librewolf.net/installation/debian/
Thanks for this how-to, PPC. That was a good reminder to me to install it on my new antiX system. I prefer Librewolf to Firefox, I’ve noticed that it has lower ram and cpu usage. It’s nice that they have started producing regular deb packages for stable distros and that they have a repo now. I was using it as an AppImage for quite a long time, but installing it and getting automatic updates is always better. I think we talked about this before, but it’s worth re-stating that Librewolf should probably get put into the next major version of the antiX PackageInstaller.
Xunzi_23
Insecure inherited feature, better delete /usr/lib/librewolf/browser/features/screenshots@mozilla.org.xpi
- This reply was modified 4 months, 3 weeks ago by Xunzi_23.
better delete /usr/lib/librewolf/browser/features/screenshots@mozilla.org.xpi
Great tip, many thanks!
P.
andyprough
Insecure inherited feature, better delete /usr/lib/librewolf/browser/features/screenshots@mozilla.org.xpi
I’ve seen that, and I’ve even removed it quite a few times myself, but I don’t actually know what makes it insecure. Do you have any kind of a reference for that? When you think about it, there’s nothing that should be insecure about a user-controlled screenshot function. I mean, unless a remote hacker takes control of your browser – which if they did, then they would have a lot worse things than screeshots that they could take from you.
but I don’t actually know what makes it insecure.
I think Moddit commented something about this allowing for someone (not necessary hackers, lets say, a social network, for example) to remotely take screenshots of your browser…
One of William Gibson’s books (I think it was one from The Bridge Trilogy) had the main character say to himself something like:
I know that using the door chain lock won’t really stop someone from breaking into my room. But if I arrive and find out that I’ve been robbed, I’ll think I was a fool for not using it…So, it’s best to use all the “door chain locks” we can, when connected to a network, right? Better safe than sorry… 🙂
P.
andyprough
allowing for someone (not necessary hackers, lets say, a social network, for example) to remotely take screenshots of your browser
But you are still talking about someone remotely taking control of browser, in which case you are screwed no matter whether you have a screenshot tool or not.
So, it’s best to use all the “door chain locks” we can, when connected to a network, right?
Except that I think the Firefox screenshot tool does things you can’t get with other screenshot tools, such as screenshotting an entire long-long-long web page. Do I want to put a chain lock around my car’s steering wheel because I heard that thieves were stealing steering wheels? Maybe, but I would also like to use my steering wheel, and if a thief breaks into my car he can take whatever he wants, including the entire car.
Anyway, although it appears I’m being argumentative that’s not really my intent. I’m wondering if there is a known clear reason that this specific screenshot tool makes the browser more susceptible to being exploited in the first place. If that’s the case, then I’ll start removing it again. But if not, then I like it enough that I’ll keep it. When I search “firefox screenshot insecure” I don’t find any articles or anything pointing to how it makes the browser more susceptible to being hacked. If anyone knows of how it makes the browser more easily hacked, I’m all ears.
DaveW
For what it’s worth, Librewolf is available for installation via Synaptic, on antiX21/22 64bit systems, using default repositories.
Screenshot is remotely executable.
Evidence is to be found in horridly convoluted firefox developer documentation.AntiX has a screenshot tool. Webpages can be viewed as code or saved, both as code and in other form.
We do not need browser integrated screenshot tool.Why is extension hidden. Who cares about that user feels secure and unknowing leaves door open,
except agencys government employees or fishermen looking for anything, they can find.
we are long in totalitarian surveillance.
5 eyes 12 eyes or how many now. bank data, passwords, read your documents screenshot webmail
anything useful to extort or pressure user.Edited, Any member can read old posts.
- This reply was modified 4 months, 3 weeks ago by Xunzi_23.
* On Firefox’s (and LibreWolf’s) screenshot tool having vulnerabilities – hum… I did think it was Skidoo that commented on that – I do not have any source code reading knowledge, so I have to do the unscientific thing and really accept an “argument of authority” here. But if you brush up your search engine skills, you’ll find some examples of that being reported over the years (nothing recent)- some 6 years ago: https://bugzilla.mozilla.org/show_bug.cgi?id=1380616 ; some 4 years ago ( https://www.securityweek.com/firefox-saves-screenshots-publicly-accessible-cloud-servers )… They may have “permanently fixed” such problems, or maybe not.
Using the modern web is always a trade off- you potentially trade your device’s security with the benefits you get from using it via several tools. It’s up for individual users to decide what they should our should not do. In my particular case- I use Firefox at work, without any more security measures than installing some privacy add-ons. After reading the advice about the snapshot extension, I removed it. If anyone thinks this tool is worth having, hey: you’re free to do what you want- I don’t go around asking people to lock their doors every time they leave their homes- people do what they want to do, both in the real world and in “computerland”.
You can do so using this commands, from the Terminal:
For Firefox-esr (the default browser in antiX Full):
sudo rm /usr/lib/firefox-esr/browser/features/screenshots@mozilla.org.xpiFor Firefox:
sudo rm /opt/firefox/browser/features/screenshots@mozilla.org.xpiFor an installed LibreWolf version (does not apply to the Appimage version):
sudo rm /usr/lib/librewolf/browser/features/screenshots@mozilla.org.xpiNote: you’ll probably have to run the above command every time you update the related browser… The extension should automatically pop up in the folder, since it’s part of the package, right?
*On LibreWolf being in the repo- Thanks for the info! My work computer is on antiX 19, and LW is not available there. I do think that when I initially installed antiX 22 in my home computer, I did not find LibreWolf on it’s repo- I do not know when it got added. Even so, having LibreWolf’s repo on the repo list may be a good idea- it will be instantly updated, instead of having to wait until Debian/antiX updates it’s repo, right?
P.
- This reply was modified 4 months, 3 weeks ago by PPC.
- This reply was modified 4 months, 3 weeks ago by PPC.
Thanks PPC, I did think it was Skidoo that commented on that.
Agree, as mozilla docs state same I am not (again) looking for
his learned posts.LibreWolf was later development but based on Firefox so same
security practice applied.skidoo also warned for browsers crashing spawning headless, watch conky.
Not seen with LibreWolf but probably possible.Check in terminal:
/usr/lib/librewolf/librewolf –headless
*** You are running in headless mode.Applies to chrome based browsers too, headless is a start parameter among many.
Browsers are unsafe…most exploits need end user interaction, In a group test
free gifts were very popular. Gotcha.
Brian Masinick
For what it’s worth, Librewolf is available for installation via Synaptic, on antiX21/22 64bit systems, using default repositories.
For what it’s worth, Librewolf is NOT included in default repositories; there is a repository that can easily be set up:
https://librewolf.net/installation/debian/
--
Brian MasinickBrian Masinick
…
# Change this command to choose a distro manually.
distro=$(if echo ” bullseye focal impish jammy uma una vanessa” | grep -q ” $(lsb_release -sc) “; then echo $(lsb_release -sc); else echo focal; fi)wget -O- https://deb.librewolf.net/keyring.gpg | sudo gpg –dearmor -o /usr/share/keyrings/librewolf.gpg
sudo tee /etc/apt/sources.list.d/librewolf.sources << EOF > /dev/null
Types: deb
URIs: https://deb.librewolf.net
Suites: $distro
Components: main
Architectures: amd64
Signed-By: /usr/share/keyrings/librewolf.gpg
EOFsudo apt update
sudo apt install librewolf -y
--
Brian MasinickDear “The Mas”:
Thanks for clarifying that. Since I had LW’s repo’s already set up in both my antiX 22 machines, I could not easily confirm DaveW’s info and had no reason to not believe him.
I do think that anti could/should use the script LW provides and add it to Package Installer – but I do not know if it’s possible to do that only for 64bits packages (i.e- so LW does not appear on P.I. for folks with 32bits machines).Extra info:
To remove all of the LibreWolf repositories from your system, run:
sudo rm -f \ /etc/apt/sources.list.d/librewolf.list \ /etc/apt/sources.list.d/librewolf.sources \ /etc/apt/trusted.gpg.d/librewolf.gpg \ /etc/apt/keyrings/librewolf.gpg \ /etc/apt/preferences.d/librewolf.prefP.
- This reply was modified 4 months, 3 weeks ago by PPC.
Brian Masinick
I agree, PPC. Thank you for also showing people how to remove repositories, particularly those they are UNABLE to use. 😉
--
Brian Masinick
- You must be logged in to reply to this topic.
