Firefox add-ons exploited by hackers
Date: May 31, 2007Source: digitalartsonline.co.uk
Christopher Soghoian, a Ph.D student at Indiana University, outlined how "man-in-the-middle" attackers, especially in public wireless networks, could disguise malware as a Firefox extension and surreptitiously plant their code in lieu of a normal update to one of the vulnerable extensions.
The bulk of Firefox extensions -- small plug-ins that add features or functionality, and are almost universally created by volunteer developers or hobbyists -- are hosted and updated from Mozilla's own SSL-secured site, and are not vulnerable to this attack, Soghoian said. A number of broadly used third-party extensions, however, update from their own unsecured servers.
Original article
Add comment Email to a Friend