Xanda's Blog !~!

Introducing MyEja – Bahasa Malaysia dictionary for spell-checking in Firefox and Thunderbird

After 3-4 hours of struggling to make it public, here we go.. MyEja, the Bahasa Malaysia dictionary for spell-checking in Firefox and Thunderbird.

The open-source Firefox Add-on MyEja for spell-checking supports Firefox and Thunderbird platform-independently. It is based on the OpenOffice Extension “Kamus Bahasa Malaysia (Malay Dictionary)”. The contents of the dictionaries are untouched and in their original state in the initial release of MyEja. The latest versions of Firefox and Thunderbird are also supported. MyEja was founded by me and it is the second initiative project from the Mozilla Malaysia Community.

Looking forward to the approval from the Mozilla Add-on Team.. The add-on is accessible at https://addons.mozilla.org/en-US/firefox/addon/myeja/

In Response to Sunbelt’s Saving Login Details in Firefox Without Notification

Morning.. 🙂

You may have come across Sunbelt’s blog post today on “Saving login details in Firefox without notification”, where a password can be forced to be saved to the Firefox password manager without any notification to the user. Yeah, it's bad. But what's the autocomplete="off" on the form? 🙂

Here is my solution for that (sorry if I made things worse)

1) Open up nsLoginManager.js in the following directory (depending on your operating system)

  • Mac OS : /Applications/Firefox.app/Contents/MacOS/components/
  • Linux (in my case, Ubuntu) : /usr/lib/firefox-3.6.14/components/nsLoginManager.js  # <= where 3.6.14 is your Firefox version
  • Windows : C:\Program Files\Mozilla Firefox\components\

2) Look for the function “_isAutocompleteDisabled : function (element)” and comment out the autocomplete check in its body, changing the following code

  _isAutocompleteDisabled : function (element) {
    if (element && element.hasAttribute("autocomplete") &&
        element.getAttribute("autocomplete").toLowerCase() == "off")
        return true;
    return false;
  },

into something like this:

  _isAutocompleteDisabled : function (element) {
    // autocomplete="off" check commented out, so the function always returns false
    // if (element && element.hasAttribute("autocomplete") &&
    //     element.getAttribute("autocomplete").toLowerCase() == "off")
    //     return true;
    return false;
  },

3) Restart your Firefox and wallaaa! 🙂

P/S: you can simply uncomment the lines to revert, but remember that if you want to clear the saved passwords, you can do it from the Password Manager (Preferences > Security > Saved Passwords > Remove All)
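
A check for the edit described in this post, as an added example that is not part of the original post: it reads the text of an nsLoginManager.js copy and reports whether `_isAutocompleteDisabled` still contains a live autocomplete="off" test. The function names and both sample sources are constructed for illustration (the samples follow the snippets above).

```javascript
// Added example: static check of nsLoginManager.js for a disabled
// autocomplete="off" test. Both sample sources are constructed from the
// snippets in the post; function names are hypothetical.

// Drop /* */ and // comments so commented-out code is not counted as live.
// Limitation: a "//" inside a string literal is treated as a comment too.
function stripComments(code) {
  return code.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/[^\n]*/g, "");
}

// Return the body of _isAutocompleteDisabled, or null if not found.
function extractBody(source) {
  const m = /_isAutocompleteDisabled\s*:\s*function\s*\([^)]*\)\s*\{/.exec(source);
  if (!m) return null;
  const start = m.index + m[0].length;
  let depth = 1;
  for (let i = start; i < source.length; i++) {
    if (source[i] === "{") depth++;
    else if (source[i] === "}" && --depth === 0) return source.slice(start, i);
  }
  return null; // unbalanced braces
}

// "intact"   : live code still reads the attribute and can return true
// "modified" : function exists but the check is gone or commented out
// "missing"  : function not found in this source
function checkLoginManager(source) {
  const body = extractBody(stripComments(source));
  if (body === null) return "missing";
  const readsAttr = /getAttribute\(\s*["']autocomplete["']\s*\)/.test(body);
  const canReturnTrue = /\breturn\s+true\b/.test(body);
  return readsAttr && canReturnTrue ? "intact" : "modified";
}

const ORIGINAL = `
  _isAutocompleteDisabled : function (element) {
    if (element && element.hasAttribute("autocomplete") &&
        element.getAttribute("autocomplete").toLowerCase() == "off")
        return true;
    return false;
  },`;
const EDITED = ORIGINAL
  .replace("if (", "// if (")
  .replace("element.getAttribute", "// element.getAttribute")
  .replace("return true;", "// return true;");

console.log(checkLoginManager(ORIGINAL), checkLoginManager(EDITED));
```

To check a real installation, pass the contents of the file from step 1 to `checkLoginManager`; a result other than "intact" means the component no longer honours autocomplete="off".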

DontPhishMe v0.3.2 released

Mozilla just approved the sandbox version of DontPhishMe and now it is public 🙂 Get the latest version of DontPhishMe (v0.3.2) and feel free to comment and report bugs.


IronFox is Firefox in a sandbox, or more correctly, an application shell script wrapper that starts Firefox in a sandbox. The policy is bundled within the app, should there be any desire to inspect the policy before use.

The goal of the policy is to let the user browse the web without interfering, but still protect the user's privacy and system integrity from vulnerabilities that may exist in Firefox or its plugins. The only restrictions that IronFox gives the user is that downloads and uploads may only reside in the user's download directory, and that IronFox itself cannot launch any other applications.

Read more HERE

Java 0day

I played around with the Java Deployment Toolkit exploit last week and found that the exploit is damn easy to trigger, but mitigation is a bit tricky (for Firefox especially, if you have multiple versions of Java installed).

Anyway, the patch has been released and people don't have to worry much about this anymore.

I’ve written a short analysis of the exploit (sample taken from the wild), soon to be published on the Lebahnet Blog (pending review). I’ve also written a Yara rule to detect this exploit, and it can be used with Jsunpack for automated analysis 🙂 owh.. I’ll publish the rule soon 😉

Many people are talking about this exploit, including this blog. When I read through the content, I found that they had published invalid code (maybe due to improper de-obfuscation or an error during copy and paste for the entry). I left 2 comments, correcting 2 lines of code in the entry. They made the changes but deleted my comments (poor me, no credit :P)

Insyaallah I’ll publish the Yara rule by tomorrow 🙂