“Over the past few months, it has become apparent that many
authors of malware (a category of malicious software that includes
viruses and spyware) have started targetting Mozilla users. While
it is not believed that any attackers have managed to exploit the
XPInstall mechanism to install software without the user’s consent,
several sites have tried tricks such as repeatedly asking to
install an XPI package when a page loads, taking advantage of the
fact that many users will accept the installation to make the
dialogues go away.“Fortunately, users of recent Mozilla-based browsers now enjoy
several new security safeguards designed to protect against these
sorts of attacks…”