
Firefox extension flaw exposes millions to cyber attacks

4 replies to this topic

#1 JohnC_21



Posted 06 April 2016 - 10:31 AM

CYBER SECURITY BOFFINS have uncovered a flaw in the way Firefox handles third-party browser extensions that could expose millions of users to sneaky malware.

Researchers from the Northeastern University in Boston discovered a flaw that allows hackers to stealthily execute malicious code hiding behind seemingly innocent extensions, such as NoScript and Firebug. They can then steal personal data or even seize control of a machine's resources.

The flaw stems from a weakness in Firefox’s extension structure, which doesn’t isolate various browser add-ons. This allows them to connect to the capabilities of other popular third-party extensions.   


But Firefox users can breathe a little easier because it’s not clear whether the flaw has actually been used in any extensions, as the researchers demonstrated it only as a proof-of-concept. They have supplied the attack framework to Mozilla so that the company can firm up the way it handles security in reviewing extension approvals.


Edited by JohnC_21, 06 April 2016 - 10:33 AM.



#2 TheJokerz



Posted 06 April 2016 - 10:46 AM

Good find JohnC thanks for sharing!


#3 quietman7



Posted 07 April 2016 - 05:00 PM

How in the dark we all would be if it were not for proof-of-concept researchers.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 Crazy Cat


Posted 09 April 2016 - 08:07 PM

How in the dark we all would be if it were not for proof-of-concept researchers.

A truly accurate statement, worth your weight in gold.

Some proof-of-concepts are still kept covert, remember this http://www.bleepingcomputer.com/forums/t/600059/some-questions-about-tails/#entry3899169

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.



#5 Foldingchair



Posted 14 April 2016 - 10:11 AM

Doesn't this mean you'd still have to install an add-on made by a "creative coder" in order for your other addons to be exploited in the first place?

"Peace and blessings be upon you all."
