-
Notifications
You must be signed in to change notification settings - Fork 49
en | Technical | FAMS
The Firefox Add-on Messaging Service (FAMS) is an add-on module developed for use in KeeFox but potentially other Firefox add-ons in future.
It provides secure messaging services to Firefox add-ons. Version 1.0 is included with KeeFox 0.9.4. Messages can only be configured at add-on build time. In future it will be possible to deliver messages over the internet. Since all messages are currently bundled with the source code of the application there are no additional security considerations. In future, it will be important to ensure that the authenticity of remotely delivered messages is established before displaying them to add-on users.
FAMS is a purely one-way messaging service. The only information that can leave the user's system is the URL used to access websites linked to from the messages. It is possible that in future versions of FAMS, tracking codes will be attached to the URLs which would be used purely for the linked web pages to be able to detect that the page request has come from a user via FAMS. No unique or personal information is used. For example: http://keefox.org could become http://keefox.org?Request-Sent-From=FAMS-KeeFox
The rest of this page refers to the configuration of FAMS within the KeeFox add-on.
There are three types of message that can be delivered:
Tips: Hints and tips that will be especially useful for people new to KeeFox, KeePass or password management software.
Important messages: Important but rare notices that may be useful to KeeFox users.
Security notices: Important security notices that users should not ignore if they wish to remain protected.
Users can configure the frequency at which different types of message are displayed or disable them entirely.
Security notices can not be disabled but it should be noted that FAMS version 1.0 is not currently capable of delivering timely messages of this type and there has been only one instance* in the past 3 years that would have resulted in a message being delivered. I hope that in future FAMS will be able to deliver security messages over the internet. In the mean time, the only security message is one that will warn users of KeeFox 0.9.4 in 2014 or later that they are running an old version and therefore at increased risk.
The other two categories can be disabled if desired but naturally we recommend that new users in particular should keep the message delivery enabled in order to get the most from using KeeFox.
The tips are the primary reason for the inclusion of FAMS in KeeFox 0.9.4. I hope that they will help some users to get more from KeeFox more quickly than with version 0.9.3. You can view the current list of tips.
The "Important messages" are likely to be rarely updated and rarely displayed - the only one in use for version 1.0 is one that asks the user to rate or review KeeFox so that other potential users can decide if it would be worth installing on their computer.
* That one security incident was the discovery of a flaw in the Windows DLL loading algorithms that affected KeePass and many other Windows applications. A new version of KeePass was quickly released as a precautionary measure and if KeeFox users were able to receive a security notification at the time, I would have issued one to advise upgrading to the newer version of KeePass.
The information in this Wiki is out of date.
It is only of interest if you are using the old add-on called KeeFox in a very old (insecure) version of Firefox or other browsers based on the old Firefox XUL technology.
Read the manual for Kee and KeeBird instead.