Digital Inspiration


Firefox Extensions That You Thought Were Safe

Chris Soghoian has shown that some very popular Firefox add-ons, including Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar and LinkedIn Browser Toolbar, may pose a security threat.

By design, each Firefox extension is hard-coded with a unique Internet address that will contact the creator’s update server each time Firefox starts. This feature lets the Firefox browser determine whether a new version of the add-on is available.

Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore — a fairly trivial attack given the myriad free, point-and-click hacking tools available today — he could also intercept this update process and replace a Firefox add-on with a malicious one.

A New Vector For Hackers — Firefox Add-Ons - Security Fix
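To check which installed add-ons are exposed to the update problem described above, the following added example (not code from the original article or from Mozilla) reads an add-on's `install.rdf` manifest and classifies its update channel. The `install.rdf` file and its `em:updateURL` property come from Firefox's extension manifest format rather than from this page, and the sample manifests and `example.*` addresses are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

EM = "http://www.mozilla.org/2004/em-rdf#"  # namespace of install.rdf properties

def _prop(desc, name):
    """Read an em: property given either as an attribute or a child element."""
    key = f"{{{EM}}}{name}"
    if key in desc.attrib:
        return desc.attrib[key].strip()
    child = desc.find(key)  # direct children only, so nested targetApplication ids are ignored
    return child.text.strip() if child is not None and child.text else None

def update_channel(manifest_xml):
    """Return (addon_id, update_url, verdict) for one install.rdf document."""
    root = ET.fromstring(manifest_xml)
    for desc in root.iter():
        abouts = [v for k, v in desc.attrib.items() if k.rsplit("}", 1)[-1] == "about"]
        if "urn:mozilla:install-manifest" in abouts:
            break
    else:
        raise ValueError("no install-manifest Description found")
    url = _prop(desc, "updateURL")
    if not url:
        verdict = "no-self-hosted-url"   # nothing hard-coded by the add-on maker
    elif urlsplit(url).scheme.lower() == "https":
        verdict = "https"
    else:
        verdict = "insecure"             # http:// or anything else without TLS
    return _prop(desc, "id"), url, verdict

def manifest(addon_id, update_url=None):
    """Build a constructed sample manifest (not taken from any real add-on)."""
    line = f"<em:updateURL>{update_url}</em:updateURL>" if update_url else ""
    return (f'<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="{EM}">'
            f'<Description about="urn:mozilla:install-manifest">'
            f"<em:id>{addon_id}</em:id>{line}"
            f"<em:targetApplication><Description><em:id>app@example.org</em:id>"
            f"</Description></em:targetApplication></Description></RDF>")

SAMPLES = [
    manifest("toolbar@example.com", "http://updates.example.com/update.rdf"),
    manifest("sync@example.net", "https://updates.example.net/update.rdf"),
    manifest("hosted@example.org"),
]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        print(update_channel(xml_text))
```

Any add-on reported as `insecure` fetches its update information over a channel that a network attacker on the same Wi-Fi hot spot could tamper with.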


Published on May 31, 2007 under Internet, Tumblelog


© 2008 Digital Inspiration - Technology, à la Carte

The articles are copyrighted to Amit Agarwal and can only be reproduced given the author's permission.
