Monday, March 31, 2008

When FireFox 2.0 Meets with JavaScript

Just came across a Firefox extension called FFsniFF. This is NOT a password sniffer which can sniff passwords. See the reference links below for more information.

The question here is not whether it is a password sniffer or not; it is how do I get rid of it once I have installed it, since it is hidden from the FF Extension Manager? Chicken and egg problem.

Finally, I've no choice but to do it manually. Here's how I remove/disable it manually:
  1. Close your FF browser and locate your FF user profile folder. Eg: %APPDATA%\Mozilla\Firefox\Mozilla\Profiles\[User Profile]\[random string].default\
  2. Go into the subfolder "extensions\{66cdf40a-d0f2-46d0-abf4-eccba8205aef}\chrome". You should see a file called "ffsniff.jar".
  3. Find an unpacker (Eg. 7-zip) to unpack "ffsniff.jar".
  4. Once unpacked, go into the "content\ffsniff\" folder and look for a file called "ffsniffOverlay.js".
  5. Edit the file with Notepad. Go to the bottom (line 119) and comment out the line "hide_me();" by putting two slashes "//" (without the quotes) in front of it.
  6. Save and close the file and put everything back into "ffsniff.jar".
  7. Start your FF browser now and go to the Extension Manager; you should be able to see the extension called "FFsniFF 0.2".
  8. Now you can disable it.
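
Steps 3 to 6 can also be scripted, because a .jar file is a zip archive. The script below is an added example, not part of the original post or of FFsniFF: only the entry path and the "hide_me();" call come from the steps above, and the sample archive (including its contents.rdf entry and the body of hide_me) is constructed so the script runs without the real file.

```python
import io
import re
import sys
import zipfile

# Path inside ffsniff.jar, from step 4 (zip entries use forward slashes).
OVERLAY = "content/ffsniff/ffsniffOverlay.js"
# An uncommented hide_me(); call at the start of a line; the function
# definition and already-commented calls do not match.
CALL = re.compile(rb"^([ \t]*)(hide_me\s*\(\s*\)\s*;)", re.MULTILINE)

def comment_out_hide_me(js):
    """Return (patched_bytes, number_of_calls_commented_out)."""
    return CALL.subn(rb"\1//\2", js)

def patch_jar(jar_bytes):
    """Copy the jar entry by entry, patching only the overlay script."""
    out, count = io.BytesIO(), 0
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info)
            if info.filename == OVERLAY:
                data, count = comment_out_hide_me(data)
            dst.writestr(info, data)
    return out.getvalue(), count

def build_sample_jar():
    """Constructed stand-in for ffsniff.jar; the script body is invented."""
    js = b"function hide_me() {\r\n  /* placeholder */\r\n}\r\nhide_me();\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(OVERLAY, js)
        z.writestr("content/ffsniff/contents.rdf", b"<RDF/>")
    return buf.getvalue()

if __name__ == "__main__":
    if len(sys.argv) == 2:          # real use: pass the path to ffsniff.jar
        path = sys.argv[1]
        with open(path, "rb") as f:
            original = f.read()
        patched, n = patch_jar(original)
        with open(path + ".bak", "wb") as f:   # keep the untouched archive
            f.write(original)
        with open(path, "wb") as f:
            f.write(patched)
    else:                           # no argument: run on the constructed sample
        patched, n = patch_jar(build_sample_jar())
    print(f"commented out {n} hide_me() call(s)")
```

Run it with Firefox closed, as in step 1; a count of 0 means the call was already commented out or the entry was not found.
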
Reference links:
  • Disable FFsniFF Manually - J.Track
  • FFsniFF Homepage
  • Vulnerability Summary CVE-2006-6585
  • SecurityFocus