
Firefox extension flaw exposes millions to cyber attacks


4 replies to this topic

#1 JohnC_21


Posted 06 April 2016 - 10:31 AM

CYBER SECURITY BOFFINS have uncovered a flaw in the way Firefox handles third-party browser extensions that could expose millions of users to sneaky malware.

Researchers from the Northeastern University in Boston discovered a flaw that allows hackers to stealthily execute malicious code hiding behind seemingly innocent extensions, such as NoScript and Firebug. They can then steal personal data or even seize control of a machine's resources.

The flaw stems from a weakness in Firefox’s extension structure, which doesn’t isolate various browser add-ons. This allows them to connect to the capabilities of other popular third-party extensions.   

Edit:

But Firefox users can breathe a little easier because it’s not clear whether the flaw has actually been used in any extensions, as the researchers demonstrated it only as a proof-of-concept. They have supplied the attack framework to Mozilla so that the company can firm up the way it handles security in reviewing extension approvals.

Article


Edited by JohnC_21, 06 April 2016 - 10:33 AM.




#2 TheJokerz


Posted 06 April 2016 - 10:46 AM

Good find, JohnC, thanks for sharing!




#3 quietman7


Posted 07 April 2016 - 05:00 PM

How in the dark we all would be if it were not for proof-of-concept researchers.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 Crazy Cat


Posted 09 April 2016 - 08:07 PM

How in the dark we all would be if it were not for proof-of-concept researchers.


A truly accurate statement, worth your weight in gold.

Some proof-of-concepts are still kept covert, remember this http://www.bleepingcomputer.com/forums/t/600059/some-questions-about-tails/#entry3899169
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#5 Foldingchair


Posted 14 April 2016 - 10:11 AM

Doesn't this mean you'd still have to install an add-on made by a "creative coder" in order for your other addons to be exploited in the first place?


"Peace and blessings be upon you all."




