Christopher Soghoian reports that many popular Firefox extensions, including Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others, mainly commercial, have a vulnerability in their upgrade mechanism.
Users of these extensions are at risk of an attacker silently installing malicious software on their computers. The risk exists whenever the user cannot trust their domain name server (DNS) or network connection, for example on public wireless networks or behind a compromised home router.
Here’s a video demo of the attack against Google Browser Sync. It is recommended to disable or delete insecure extensions from your browser until there’s a fix.
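To decide which installed extensions to disable, a defender can check where each one looks for updates. The following is an added example, not code from the original post or from Mozilla: it assumes legacy `install.rdf` manifests and flags any custom `em:updateURL` that is not HTTPS, a mechanism the post itself does not spell out. The extension names and hosts are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

EM = "{http://www.mozilla.org/2004/em-rdf#}"  # namespace of em:* manifest properties

def update_url(install_rdf):
    """Return the em:updateURL declared in an install.rdf string, or None."""
    for node in ET.fromstring(install_rdf).iter():
        if node.tag == EM + "updateURL" and node.text:   # element form
            return node.text.strip()
        if EM + "updateURL" in node.attrib:              # attribute form
            return node.attrib[EM + "updateURL"].strip()
    return None

def classify(install_rdf):
    """'default' = no custom update URL, 'https' = custom over TLS, 'not-https' = review."""
    url = update_url(install_rdf)
    if url is None:
        return "default"
    return "https" if urlparse(url).scheme.lower() == "https" else "not-https"

def audit(manifests):
    """Map of extension name -> install.rdf text; returns the names to review, sorted."""
    return sorted(n for n, rdf in manifests.items() if classify(rdf) == "not-https")

# Constructed sample manifests (hypothetical extensions and hosts).
_HEAD = ('<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
         'xmlns:em="http://www.mozilla.org/2004/em-rdf#">')
SAMPLES = {
    "toolbar-a": _HEAD + '<Description about="urn:mozilla:install-manifest">'
                 '<em:updateURL>http://updates.example.invalid/a.rdf</em:updateURL>'
                 '</Description></RDF>',
    "toolbar-b": _HEAD + '<Description about="urn:mozilla:install-manifest" '
                 'em:updateURL="HTTPS://updates.example.invalid/b.rdf"/></RDF>',
    "toolbar-c": _HEAD + '<Description about="urn:mozilla:install-manifest">'
                 '<em:id>c@example.invalid</em:id></Description></RDF>',
}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print("review:", name, update_url(SAMPLES[name]))
```

To use it on a real profile, read each extension's `install.rdf` into the dictionary passed to `audit`.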