A Remote Vulnerability in Firefox Extensions

Search
Categories
- News (98)
- Tips (47)
- Tools (191)
  - Anti-Spam (17)
  - Anti-Spyware (18)
  - Anti-Virus (19)
  - Content Filtering (15)
  - Disassembler (4)
  - Encryption (31)
  - Firewall (22)
  - Forensics (9)
  - Freeware (139)
  - Hardware (15)
  - IDS/IPS (38)
  - Linux/Unix (120)
  - Live CD (8)
  - Network (142)
  - OSX (77)
  - Packet Sniffer (28)
  - Password Cracker (8)
  - Patch Management (8)
  - Port Scanner (23)
  - VPN (12)
  - vulnerability Scanner (52)
  - Windows (115)
  - Wireless (16)
Archives
Books

Security Books

A Remote Vulnerability in Firefox Extensions

Christopher Soghoian is reporting that many popular Firefox extensions like Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others, mainly commercial have vulnerability in the upgrade mechanism.

Users are vulnerable and are at risk of an attacker silently installing malicious software on their computers. This possibility exists whenever the user cannot trust their domain name server (DNS) or network connection. Examples of this include public wireless networks, and users connected to compromised home routers.

Here’s a video demo of the attack against Google Browser Sync. It is recommended to disable or delete insecure extensions from your browser until there’s a fix.

(No Ratings Yet)

Loading ...

You might be interested in these as well:

Security Tools News & Tips

Search

Categories

Archives

Books

Featured

Subscription

Popular

Security Alerts

Security Sites

Vulnerabilities

A Remote Vulnerability in Firefox Extensions

Post a comment