Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

NoScript and other popular Firefox add-ons open millions ..

Apr 5, 2016 8:11PM PDT
.. to new attack

NoScript, Firebug, and other popular Firefox add-on extensions are opening millions of end users to a new type of attack that can surreptitiously execute malicious code and steal sensitive data, a team of researchers reported.

The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities.

Continued: http://arstechnica.com/security/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/

Related:
Firefox Add-On Flaw Leaves Apple And Windows Computers Open To Attack
https://threatpost.com/firefox-add-on-flaw-leaves-apple-and-windows-computers-open-to-attack/117183/
Top Firefox extensions can hide silent malware using easy pre-fab tool
http://www.theregister.co.uk/2016/04/04/top_firefox_extensions_can_hide_silent_malware_using_easy_prefab_tool/

Discussion is locked