back to article Holes found in Pocket Firefox add-on

Information security man Clint Ruoho has detailed server-side vulnerabilities in the popular Pocket add-on bundled with Firefox that may have allowed user reading lists to be populated with malicious links. The since-patched holes were disclosed July 25 and fixed August 17 after a series of botched patches, and gave attackers …

  1. phil dude


    "two thousand zero zero party over,

    Oops out of time..."

    Is it 2000 yet?


  2. Turtle

    Semantical Objections.

    "... the popular Pocket add-on bundled with Firefox"

    I have to take exception to calling Pocket a "bundled add-on", because it's actually baked into Firefox and can not be removed, even though one can remove it from the toolbar. But that only hides it; it's still there.

    And how popular is it, actually? Aside from the circumstance that every Firefox installation is burdened with this crap, how many people actually use it?

    1. Grade%

      Re: Semantical Objections.

      Yes, every word of that missive needs scare quotes: "Popular" "add-on" "bundled" "with". Suggested listening as one reads those words would naturally be the "cha-ching" so favoured by capitalists for "every" occasion.

      And yet, I still use it. Firefox that is. If only it were as it was. Sigh.

      1. Anonymous Coward
        Anonymous Coward

        Re: Semantical Objections.

        I heard that a UK language version of firefox comes without this unbundleable shit.

  3. Anonymous Coward
    Anonymous Coward


    I had one user that installed pocket themselves, the result was not good.

    It tended to send multiple requests like "User XYZ is looking at this site now, just in case he decides to save it" seemed just like the tracking Facebook uses with its "like" links in the form "Like link please for user XYZ, currently browsing site ABC" its all just tracking users.

    I haven't seen that sort of traffic from a default Firefox install but I was not happy to see the stuff included.

    It might be that they need to monetise all browsing, if not right now, later.

    1. Dan 55 Silver badge

      Re: Phocket

      If you want to really want to disable Pocket included with Firefox, then go to about:config set browser.pocket.enabled to false and just to make sure it's dead set these keys to empty strings...



      1. paulf
        Thumb Up

        Re: Phocket


        I found browser.pocket.enabled was already set to False in my FF. Since I've not modified it myself I think this must have been disabled by the option in Classic Theme Restorer to disable Pocket completely.

        I've made the other changes you recommend though!

      2. VeganVegan

        Re: Phocket

        Thanks for the hint.

        It's easy to search for pocket (search box at the top of the page) to get at the other relevant settings

        I also found that if you set


        to false, then the toolbar button is not displayed.

        To really put a stake thru its heart, I also nulled the string in


        and set


        to false.

        1. MonsoonX

          Re: Phocket

          Unfortunately, the about:config edit does not work. It's even discussed at Mozilla. They're saying to wait until they fix it, lol.

          yeah, i'll wait for some future date to be able to stop firefox from changing the view of my search pages.


  4. MonsoonX

    "Pocket" is truly the last straw for me, in a seemingly endless string of bad changes that firefox has made in the past year or so.

    So i've uninstalled Firefox from my computer for the first time in more than 10 years, and I won't be going back.

    I'm not the biggest fan of Opera, but at least they're moving forward, instead of constantly mucking things up like firefox has been.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021