What is the best way to sandbox Yahoo Mail with Firefox?
I want to create a icon on a users desktop that launchs yahoo mail in it's own instance. (User profile I guess)
Here's the background: I volunteer with a local seniors citizens organization to provide free computer support to seniors on a limited budget. Many seniors use yahoo becuase it was what they learned to use way back when and don't want to change. It is widely known that yahoo accounts have been subject to a recent spree of hacking using exploits, some of which do not even require a user to click on a link. I have seen firsthand 5 incidents where separate individuals using separate computers have had yahoo accounts hacked.
One of my clients was an ATT customer, thus entitled to phone support. In a recent conversation with ATT support who uses yahoo for their e-mail services, they told me they are aware of the problem and the best solution is to logout of your yahoo account every time you are done using it. This is problematic for Senior Citizens who can't or won't remember passwords, they want it to just work.
I began thinking that there must be a way to protect a user from at least some of these exploits. My finial idea is to create a desktop icon that will launch an instance of Firefox that is separate from the other websites that a user may be browsing. I think this could be accomplished using user profiles and some command line options.
Any other ideas? Extensions? I'm thinking of blocking flash and java on that instance too.
Alle svar (1)
hello, first of all please make sure that firefox is up to date (version 20.0.1 at the moment) and that all plugins are updated to the latest version on the systems in question in order to fix known vulnerabilities...
Update Firefox to the latest release
https://www.mozilla.org/plugincheck/
you are right, you can use the profile manager in order to create a dedicated profile and then create a desktop shortcut for it. here are the command-line arguments for firefox.exe that will help you accomplish that: https://developer.mozilla.org/en-US/docs/Mozilla/Command_Line_Options
deactivating java and other plugins that are not necessary for emailing is certainly a good idea too. you could also use an extension like adblock plus together with a filterlist that blocks known malware domains: http://adblockplus.org/en/features