![]() ![]() Third, thank you Mozilla for saving us from the evil Google Blink browser engine monopoly. uBlock Origin & uMatrix makes the internet a better place for everyone. Second, thank you Raymond Hill for providing everyone with the BEST content blocker on the internet, for FREE, without any reward. :-(įirst, I want to thank vtriolet for finding the vulnerability & contacting Raymond Hill. I’m still hoping that gorhill will change his mind and revive the development of uM in the future, but I must say that my expectation is low. Thus I use (the also great!) uBO only because of the filter lists and do all interactive blocking/allowing with uM in hardcore mode. In NoScript the JS from would be allowed to run on all sites and the same is true for uBO, am I right?īesides, I find the matrix/scope interface style of uM very intuitive and easy to work with. To selectively allow a third party JS (for example from ) on site A while have it forbidden on site B. Neither NoScript nor uBO alone can offer this, what uM can do: There is a fork for Firefox called nuTensor at, but this also does not really seem to be actively maintained. Good that Palemoon has an actively maintained fork, but I don’t want to switch to this browser for various reasons. It’s a pity that nobody trustworthy has offered to continue developing/maintaining uM, after gorhill has put the project on indefinite hold. In my opinion uM together with uBlock Origin (uBO) is a perfect match. The current situation of uMatrix (uM) is really sad. Now You: are you still using uMatrix? (thank you Marcus ) ![]() While it seems unlikely that it is going to be exploited in large scale attacks, it is still something that users need to be aware of. With development having ended some time ago, it may be time to move to a different extension for content blocking, especially since it has an unpatched vulnerability now. They can also enable all of the "Malware domains" and "Multipurpose" filter lists in uBlock Origin to help offset the lost filtering coverage. To mitigate the vulnerability for now, users can disable uMatrix’s strict-blocking support by unselecting all of the filter lists on the "Assets" tab in the uMatrix dashboard. Subscribing to malware or multi-purpose filter lists may reduce the impact the change has on the blocking of the extension. The researcher notes that users need to disable all filter lists on the "assets" tab of the uMatrix dashboard. The uMatrix extension is not maintained anymore, which means that it is still vulnerable and will remain so. The maintainer of nMatrix published an update to the Pale Moon add-ons site that fixed the issue in the extension as well. Raymond Hill was notified before the security issue was disclosed publicly, and a fix was created for uBlock Origin within one day and published the next. Only the Chrome extension crashed during tests. The researcher tested a proof of concept vulnerability against Chrome, Firefox and Pale Moon. ![]() iframes are classified as sub-documents and do not trigger the warning page, which should make it harder for malicious hosts to exploit this vulnerability in the background. This means that malicious hosts would need to induce users to trigger a navigation somehow, such as by clicking a link. The strict-blocking warning page is only displayed when direct navigations are blocked. It requires that users become active, e.g. When the extension crashes, users are left without protection until it is reloaded. Default installations of the extensions use filter lists that include strict blocking filters.Īn attacker may exploit the vulnerability to get the extension to crash or cause memory exhaustion according to the researcher. Strict blocking prevents all connections to resources that match the filter. ![]() The vulnerability exploits code used by the extensions strict blocking feature. The Firefox extension, for which I wrote a guide in 2017, has more than 29,000 users at the time of writing.Ī security researcher discovered a vulnerability in all three extensions. Google's Chrome Web Store, on which it is still listed, reveals that it has more than 100,000 users, a figure that can be higher as Google does not echo total number of users to the public. The uMatrix browser extension is still in use. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |