DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
December 6, 2016 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 151 people online.

 

Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin
 

Follow us
RSS
 

Firefox add-ons make the browser less secure

Posted on Friday, June 01 2007 @ 00:15:09 CEST by


Chris Soghoian discovered Firefox add-ons inadvertently create security holes that could be used by criminals to steal sensitive data from millions of users.

We aren't talking about some shady add-ons created by amateurs, Soghoian claims the vulnerability exists for some of the most popular Firefox add-ons like the Google Toolbar, Yahoo Toolbar, Del.icio.us toolbar, Facebook Toolbar, Netcraft Anti-Phishing Toolbar and many others.

Washington Post writes:
Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore -- a fairly trivial attack given the myriad free, point-and-click hacking tools available today -- he could also intercept this update process and replace a Firefox add-on with a malicious one.

The problem is especially dangerous with Google's toolbar. Firefox usually will alert users that new versions of installed add-ons are available and give users the option to decline or accept the updates. But Soghoian said Google's toolbar (which is bundled with Firefox) updates without any such prompts.

"Typically, when Firefox sees that an update for any installed extension becomes available, upon next browser restart Firefox will prompt the user 'do you wish to install the update,'" Soghoian said. "However, Google disabled this, and thus, if Firefox sees that there is an update for any google made extension, upon next restart, Firefox automatically downloads and installs the update without prompting the user."



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2016 DM Media Group bvba