Firefox security

I copied this from MozillaZine:

"Microsoft's Peter Torr Attacks Mozilla Firefox Security

A Microsoft Program Manager by the name of Peter Torr has posted a weblog entry about potential problems with security in Mozilla Firefox. Specifically, he singles out the fact that neither the Firefox installer nor most of the available extensions are digitally signed. By contrast, he notes, Microsoft Internet Explorer 6 Service Pack 2 will not install unsigned ActiveX by default. While many will immediately cry, "FUD! ", he's actually right. Though the infrastructure is there, the lack of code signing in the vast majority of Firefox extensions has led to an environment in which many users simply install extensions without really knowing if they can trust the people behind them.... "

What are some of your opinions on this?

 

A good point. But, Firefox has been continuously being developed, now is the time to do things properly. But, on the other hand, how do I know the meaning of a digital signature?
I got an interesting example, in Mozilla 1.7.5. I can set up AOL mail, and I can use its SMTP to send mail, which requires authentication. And, when I enter my password, I got an Alert saying that the digital signature was not that of "smtp.aol.com ", as expected, but instead "smtp.cs.com ". "cs" is CompuServe, owned by AOL. Why?

 

That's primarily why I haven't installed any extensions yet. I need to become more familiar with the extensions arena and the people involved before I'm going to start installing extensions in FF. I need to feel a sense of trust in the author of an extension and download the extension from a location I trust. That personal sense of trust supercedes any "authoritative" digital signature notice I get...until I understand digital certificates.

In open-source software, if someone creates a malicious extension and makes it available via the Mozilla site, I expect the people deeply involved in the open-source community would quickly sqwak about it and the extension would be pulled from availability at reputable sources. I could be wrong though since I don't really understand how open-source works yet. I'll lurk in the various forums and study the Firefox support page for a while longer to get a better "feel" about extensions. One day, I'll weigh my perceived risk-vs-comfort and even try out an extension or two.

At any rate, I really like FF as-is "out of the box" so I'll continue to be satisfied with FF as-is for awhile. Besides, I'll be better able to help FF newbies if I take the time to learn FF's default features, menus, shortcuts, etc. rather than installing extensions that change FF's functionality. I'll probably buy a Firefox Guidebook and Firefox polo shirt to help promote FF. I'll probably combine a donation and shirt purchase since they offer a $50 donation option that includes a "free" shirt. Here's the link for their special "deals ".

That's enough (too much?) rambling with my opinions and FF plugs for now.

Next?