An Interest In:
Web News this Week
- April 20, 2024
- April 19, 2024
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
Some of Our Sources
- Simplebits
- Just Creative
- Fuel Your Creativity
- FanExtra - PSD
- My Ink Blog
- CSS Globe
- 24 Ways
- Wal You
- Android Headlines
- Willems Lab
Help Webnuz
Referal links:
April 9, 2016 10:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/GhqoQZiVf9U/popular-firefox-add-ons-open-millions-to-new-attack
Popular Firefox Add-Ons Open Millions To New Attack
An anonymous reader writes: Security researchers claim that NoScript and other popular Firefox add-on extensions are exposing millions of end users to a new type of vulnerability which, if exploited, can allow an attacker to execute malicious code and steal sensitive data. The vulnerability resides in the way Firefox extensions interact with each other. From a report on SlashGear, "The problem is that these extensions do not run sandboxed and are able to actually access data or functions from other extensions that are also enabled. This could mean, for example, that a malware masquerading as an add-on can access the functionality of one add-on to get access to system files or the ability of another add-on to redirect users to a certain web page, usually a phishing scam page. In the eyes of Mozilla's automated security checks, the devious add-on is blameless as it does nothing out of the ordinary." Firefox's VP of Product acknowledged the existence of the aforementioned vulnerability. "Because risks such as this one exist, we are evolving both our core product and our extensions platform to build in greater security. The new set of browser extension APIs that make up WebExtensions, which are available in Firefox today, are inherently more secure than traditional add-ons, and are not vulnerable to the particular attack outlined in the presentation at Black Hat Asia. As part of our electrolysis initiative -- our project to introduce multi-process architecture to Firefox later this year -- we will start to sandbox Firefox extensions so that they cannot share code."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/GhqoQZiVf9U/popular-firefox-add-ons-open-millions-to-new-attack
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot