View previous topic :: View next topic |
Author |
Message |
musv Advocate
Joined: 01 Dec 2002 Posts: 3337 Location: de
|
Posted: Sat Nov 04, 2023 9:06 pm Post subject: Firefox profile compromised |
|
|
Hi there,
I'm using a local DNS server (dnsmasq) with an adblock list on my NAS. It works for the whole network (every browser, every device).
Some days before I had to search some things on webpages full of popup ads and automatic redirecting webpages (yes, it's stupid I know it). Since this time I got the problem, that ads are displayed on some webpages.
Now my favourite news website http://www.n-tv.de does show ads. Accessing this webpage with a different user Firefox doesn't do. A different browser, e.g. Opera also doesn't show ads on this page.
I've already cleared the cache (Firefox settings + ~/.cache/mozilla/firefox). Also I cleared the cookies, offline webpages and history. But the ads don't disappear.
The most secure consequence would be to remove the complete profile. But I'm using some addons and settings I would have to reinstall and configure. So I would like to avoid this step.
Is there any chance to figure out, which setting is bypassing my DNS server? It's scary, how easy a simple webpage could change the behaviour of this browser. |
|
Back to top |
|
|
Banana Veteran
Joined: 21 May 2004 Posts: 1393 Location: Germany
|
|
Back to top |
|
|
musv Advocate
Joined: 01 Dec 2002 Posts: 3337 Location: de
|
Posted: Sun Nov 05, 2023 1:03 pm Post subject: |
|
|
This would make any sense if Firefox could bypass the configured DNS server. Otherwise there's no chance to load the ad servers.
Nevertheless, I saved my addon settings (Speed Dial, Gesturefy) + Logins and deleted the whole profile. It's working again. |
|
Back to top |
|
|
no101 n00b
Joined: 10 Oct 2022 Posts: 11 Location: Piney Woods
|
Posted: Sun Nov 05, 2023 11:14 pm Post subject: |
|
|
Firefox can use DNS over HTTPS to bypass your local name server. Click on the hamburger, select "settings", select "privacy & security" and scroll to the bottom of the page. |
|
Back to top |
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2963 Location: Edge of marsh USA
|
Posted: Mon Nov 06, 2023 5:11 am Post subject: |
|
|
If you really believe it's your Firefox profile, the best solution is to move it to a safe place and then restore it from a backup. _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
Back to top |
|
|
musv Advocate
Joined: 01 Dec 2002 Posts: 3337 Location: de
|
Posted: Tue Nov 07, 2023 7:09 pm Post subject: |
|
|
no101 wrote: | Firefox can use DNS over HTTPS to bypass your local name server. |
Can JS activate this? At least for myself I had never activated DNS over HTTPS.
figueroa wrote: | If you really believe it's your Firefox profile, the best solution is to move it to a safe place and then restore it from a backup. |
Yes, I do. It's not the first time this happens. I had this already a few years before.
Backup would be nice.
Nevertheless I started with a fresh clean profile. Took less time to reconfigure than I thought. |
|
Back to top |
|
|
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3347 Location: Rasi, Finland
|
Posted: Tue Nov 07, 2023 8:03 pm Post subject: |
|
|
musv wrote: | Can JS activate this? At least for myself I had never activated DNS over HTTPS. | JS shouldn't be able to activate or disable it. However DNS over HTTPS is considered a security feature in normal circumstances.
So maybe when DNS over HTTPS was introduced in some Firefox upgare you did, it defaulted being active.
Just my guess... _________________ ..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
Quote: | I am NaN! I am a man! |
|
|
Back to top |
|
|
|