Retrieving Bookmarks from your Firefox - The Hard Way

Yeah, so I turned my old workstation into a server and no longer have access using a graphical interface.

Normally, this is fine, as I am using it as a server.

But I forgot to export my Firefox bookmarks.

Hopefully I can examine the sqllite database using reference [1] to retrieve my bookmarks.

I open the file /home/mrbear/.mozilla/firefox/xvosm5y9.default/places.sqlite and selecting the tab "Browse data" found the table moz_bookmarks.

It contains all bookmarks and folders and contains references to the moz_places table (using the moz_bookmarks.fk).

The moz_places table contains the actual urls.

References

[1] DB Browser for SQLLite

https://sqlitebrowser.org

The Browser Keeps Bugging Me

Lately the browser and/or websites seems to keep bugging me, and I am getting a little tired of it.

The questions it keeps asking for each website are the following:

1. "We use cookies to ensure ... etc."
2. "Would you like Firefox to save this login for [sitename]?"
3. "Will you allow [sitename] to send notifications?"

The amount of questions a website/webbrowser offers me seems to have been proliferating lately.

I always accept cookies, but I never want the other options.

Seeing as I am using Firefox at the moment, let's see what we can do about it.

1. The "i-don't care about cookies' addon^{1 2} seems to suit me just fine.
2. Preferences - Privacy & Security - Forms & Passwords - turn off "Remember logins and passwords for websites".
3. Go to "about:config". Search for "dom.webnotifications". Set "dom.webnotifications.enabled" to false to not see any notifications³.

UBlock addon^{4 5} seems to be also very good.

References

[1] I-Don't-Care-About-Cookies website

https://www.i-dont-care-about-cookies.eu/

[2] I-Don't-Care-About-Cookies addon

https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-about-cookies/

[3] Web Push notifications in Firefox

https://support.mozilla.org/en-US/kb/push-notifications-firefox

[4] Firefox Addon UBlock

https://addons.mozilla.org/nl/firefox/addon/ublock-origin/

[5] Wikipedia - UBlock

https://en.wikipedia.org/wiki/UBlock_Origin

Weak Diffie-Hellman and the Logjam Attack

I got the following message when attempting to contact my Glassfish admin console¹:

Secure Connection Failed

An error occurred during a connection to www.karchan.org:4848. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

Apparently it is related to a possible LogJam attack⁶.

Workaround

Of course, there is a workaround for Firefox², but that is not what we should do. But for completeness, I'll provide it here:

Workaround for Firefox 39 and above:

1. In FireFox, enter "about:config" in the URL field and press enter.
2. Accept the "This might void your warranty!" warning :)
3. In the search field at the top, enter "security.ssl3.dhe_rsa_aes"
4. Double click each result (128 and 256) to toggle the Value to "false"

Ciphers

The reason I got this message, was that the server and the client (browser) could not agree on a sufficiently good cipher for the SSL connection. The new version of Glassfish has this solved, because of the extra ciphers it has added³.

If you look at the Appendix below, you immediately notice that the new ciphers all make use of Elliptic-Curve Diffie-Hellman Key Exchange, instead of normal Diffie-Hellman. It seems to be a great deal more secure and doesn't suffer from the Logjam weakness⁶.

Although it seems unnecessary, you could remove the weak ciphers from GlassFish, to prevent a loophole.⁵.

Appendix A. Available Ciphers

Glassfish 4.0 (build 89)	Glassfish 4.1 (build 13)
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA	SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5	SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA	SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
SSL_DH_anon_WITH_DES_CBC_SHA	SSL_DH_anon_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5	SSL_DH_anon_WITH_RC4_128_MD5
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA	SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA	SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA	SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA	SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5	SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_WITH_3DES_EDE_CBC_SHA	SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA	SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_WITH_NULL_MD5	SSL_RSA_WITH_NULL_MD5
SSL_RSA_WITH_NULL_SHA	SSL_RSA_WITH_NULL_SHA
SSL_RSA_WITH_RC4_128_MD5	SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA	SSL_RSA_WITH_RC4_128_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA	TLS_DH_anon_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA256	TLS_DH_anon_WITH_AES_128_CBC_SHA256
TLS_DH_anon_WITH_AES_256_CBC_SHA	TLS_DH_anon_WITH_AES_256_CBC_SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA256	TLS_DH_anon_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA	TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA	TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA	TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA	TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
	TLS_ECDH_anon_WITH_AES_128_CBC_SHA
	TLS_ECDH_anon_WITH_AES_256_CBC_SHA
	TLS_ECDH_anon_WITH_NULL_SHA
	TLS_ECDH_anon_WITH_RC4_128_SHA
	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
	TLS_ECDH_ECDSA_WITH_NULL_SHA
	TLS_ECDH_ECDSA_WITH_RC4_128_SHA
	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
	TLS_ECDH_RSA_WITH_NULL_SHA
	TLS_ECDH_RSA_WITH_RC4_128_SHA
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
	TLS_ECDHE_ECDSA_WITH_NULL_SHA
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
	TLS_ECDHE_RSA_WITH_NULL_SHA
	TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV	TLS_EMPTY_RENEGOTIATION_INFO_SCSV
TLS_RSA_WITH_AES_128_CBC_SHA	TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256	TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA	TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256	TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_NULL_SHA256	TLS_RSA_WITH_NULL_SHA256

References

[1] StackOverflow - GF4 how to config security protocol to work with firefox v 39x

http://stackoverflow.com/questions/31346501/gf3-how-to-config-security-protocol-to-work-with-firefox-v-39x

[2] Mozilla - Questions & Answers

https://support.mozilla.org/pt-BR/questions/1066238#answer-738971

[3] GlassFish Server Open Source Edition Security Guide Release 4.0

https://glassfish.java.net/docs/4.0/security-guide.pdf

[4] GlassFish Server Open Source Edition Administration Guide Release 4.0

https://glassfish.java.net/docs/4.0/administration-guide.pdf

[5] ServerFault - Disable support for LOW encryption ciphers for glassfish port no 3920

http://serverfault.com/questions/614791/disable-support-for-low-encryption-ciphers-for-glassfish-port-no-3920

[6] Weak Diffie-Hellman and the Logjam Attack

https://weakdh.org/