[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Universal Firefox Attack Through http Manipulation - And Wont Fix!!


#1

Firefox has non-encrypted http requests done through of network.captive-portal-serivce which allow Mitm and ISP manipulation of the connection leading to malicious attack.

The attack reported on 2 different tickets:

  • MITM Attack:
  • Malicious ISP http Manipulation Attack:

And if you read their comments , they prefer convenient over security. So in this case as a user you have one choice to do which is fuck FF developers and close that by yourself by going to:

about:config

Then search for:

network.captive-portal-serivce.enabled

switch the value from true to false by double click on it.

Note: This is only effecting FF , but NOT TBB because its disabled by default there.