Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox: do you use the profile manager?


  • Please log in to reply
6 replies to this topic

#1 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 04 August 2014 - 10:43 AM

I use Firefox's profile manager to run multiple instances of Firefox with different profiles. This allows me to improve my online security.

 

For example, I have a profile which is dedicated to webmail.

When I receive e-mails with links or attachments, I will never open them in the webmail instance, but in another instance dedicated to general surfing.

 

Anybody else using the profile manager for this purpose? Just wondering.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:32 PM

Posted 04 August 2014 - 11:00 AM

I don't see using different profiles unless there is more than one user or testing a beta release of Firefox.

Just checked here...Multiple Firefox profiles - Mozilla | MDN 

No mention of this being more secure in the sense of isolating a malware install, etc.

Just protects the main Firefox from bookmark corruption, etc. when testing or developing.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Didier Stevens

Didier Stevens
  • Topic Starter

  • BC Advisor
  • 2,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 04 August 2014 - 11:13 AM

I don't use different versions of Firefox, all profiles use the same code.

 

One of the things it protects against is Cross-Site Request Forgery.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 buddy215

buddy215

  • Moderator
  • 13,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:32 PM

Posted 04 August 2014 - 11:50 AM

I'm pretty darn sure that NoScript protects you from CSRF.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 Didier Stevens

Didier Stevens
  • Topic Starter

  • BC Advisor
  • 2,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 04 August 2014 - 11:57 AM

Yes, but like all detection engines, not 100%.

 

When it's feasible, I prefer to prevent than to protect.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,854 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:05:32 AM

Posted 05 August 2014 - 09:08 PM

I do not use profiles, As I am on Linux normally I just use the guest account to surf and all that, If I need to update or do something as owner or root it's easy enough to log into linux for that.

 

 

NoScript Configuration Guide



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:32 PM

Posted 05 August 2014 - 09:13 PM

Reasons to have multiple Firefox profiles
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users