Zero-Day Vulnerabilities in Firefox Extensions Discovered
Nov 20, 2009, 18:33 (0 Talkback[s])
[ Thanks to An Anonymous Reader for
this link. ]
"At the SecurityByte & OWASP AppSec Conference in
India, Roberto Suggi Liverani and Nick Freeman, security
consultants with security-assessment.com, offered insight into the
substantial danger posed by Firefox extensions.
"Mozilla doesn't have a security model for extensions and
Firefox fully trusts the code of the extensions. There are no
security boundaries between extensions and, to make things even
worse, an extension can silently modify another extension.
"Any Mozilla application with the extension system is vulnerable
to same type of issues. Extensions vulnerabilities are platform
independent, and can result in full system compromise."
- Mozilla Firefox plugin check will make the web a safer place(Oct 15, 2009)
- Cool things with SELinux... Introducing sandbox -X(Sep 17, 2009)
- How to Run 32-bit Apps in 64-bit Linux(Aug 12, 2009)
- Using Firefox to download flash movies without any extra extensions on Linux(Jun 18, 2009)
- FireFox 3.5, Plugins and the Meaning of Life(Jun 12, 2009)
- Walsh: Introducing the SELinux Sandbox(May 27, 2009)
- Browser Plugins May Strip SELinux Protections(Apr 23, 2009)
- How to Install Adobe Flash in Debian Etch/Lenny/Sid(Jan 05, 2009)
- IE, Firefox, and the Add-on Security Problem(Nov 24, 2008)