---

Zero-Day Vulnerabilities in Firefox Extensions Discovered

[ Thanks to An Anonymous Reader for
this link. ]

“At the SecurityByte & OWASP AppSec Conference in
India, Roberto Suggi Liverani and Nick Freeman, security
consultants with security-assessment.com, offered insight into the
substantial danger posed by Firefox extensions.

“Mozilla doesn’t have a security model for extensions and
Firefox fully trusts the code of the extensions. There are no
security boundaries between extensions and, to make things even
worse, an extension can silently modify another extension.

“Any Mozilla application with the extension system is vulnerable
to same type of issues. Extensions vulnerabilities are platform
independent, and can result in full system compromise.”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis