DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
October 28, 2016 
Main Menu
News archives

Who's Online
There are currently 64 people online.


Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin

Follow us

Firefox add-ons make the browser less secure

Posted on Friday, June 01 2007 @ 00:15:09 CEST by

Chris Soghoian discovered Firefox add-ons inadvertently create security holes that could be used by criminals to steal sensitive data from millions of users.

We aren't talking about some shady add-ons created by amateurs, Soghoian claims the vulnerability exists for some of the most popular Firefox add-ons like the Google Toolbar, Yahoo Toolbar, Del.icio.us toolbar, Facebook Toolbar, Netcraft Anti-Phishing Toolbar and many others.

Washington Post writes:
Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore -- a fairly trivial attack given the myriad free, point-and-click hacking tools available today -- he could also intercept this update process and replace a Firefox add-on with a malicious one.

The problem is especially dangerous with Google's toolbar. Firefox usually will alert users that new versions of installed add-ons are available and give users the option to decline or accept the updates. But Soghoian said Google's toolbar (which is bundled with Firefox) updates without any such prompts.

"Typically, when Firefox sees that an update for any installed extension becomes available, upon next browser restart Firefox will prompt the user 'do you wish to install the update,'" Soghoian said. "However, Google disabled this, and thus, if Firefox sees that there is an update for any google made extension, upon next restart, Firefox automatically downloads and installs the update without prompting the user."



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2016 DM Media Group bvba