Beware extensions bearing vulnerabilities

Subject: General Tech | May 31, 2007 - 08:43 AM |

[H]ard|OCP has posted a warning to Firefox users about a vulnerability that can be exploited through a number of add-ons. The problem stems from extension updates being hosted on a third-party server and sent unencrypted rather than over HTTPS. This could allow an attacker to intercept the update and replace it with their own code.

"According to Chris Soghoian, the Indiana University doctoral candidate who discovered the weakness, the vulnerability exists for some of the most popular Firefox add-ons, including Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others, mainly commercial extensions. Ironically, at least two of the toolbars listed here are designed to help protect users from new security threats."
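
A defender-side check for the condition described above, added here as an example and not taken from [H]ard|OCP or the researcher: it reads an extension's `install.rdf` manifest and flags an `em:updateURL` that is not HTTPS. The manifests, add-on names and hosts below are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
EM = "{http://www.mozilla.org/2004/em-rdf#}"

def audit_manifest(xml_text):
    """Return (name, update_url, verdict) for one install.rdf document."""
    root = ET.fromstring(xml_text)
    for desc in root.iter(RDF + "Description"):
        # The about attribute appears both prefixed and unprefixed in manifests.
        about = desc.get(RDF + "about") or desc.get("about")
        if about != "urn:mozilla:install-manifest":
            continue

        def prop(key):
            # Properties may be child elements or attributes of Description.
            child = desc.find(EM + key)
            if child is not None and child.text:
                return child.text.strip()
            return desc.get(EM + key)

        name = prop("name") or "(unnamed)"
        url = prop("updateURL")
        if not url:
            return name, None, "none-declared"
        scheme = urlparse(url).scheme.lower()
        # Anything other than https means the update check can be tampered with.
        return name, url, "https" if scheme == "https" else "PLAINTEXT"
    raise ValueError("no install-manifest Description found")

NS = ('xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
      'xmlns:em="http://www.mozilla.org/2004/em-rdf#"')
# Constructed manifests; names and hosts are placeholders.
SAMPLES = [
    f'<RDF {NS}><Description about="urn:mozilla:install-manifest">'
    '<em:name>Example Toolbar</em:name>'
    '<em:updateURL>http://updates.example.com/toolbar/update.rdf</em:updateURL>'
    '</Description></RDF>',
    f'<RDF {NS}><Description about="urn:mozilla:install-manifest" '
    'em:name="Example Sync" '
    'em:updateURL="https://updates.example.org/sync/update.rdf"/></RDF>',
    f'<RDF {NS}><Description about="urn:mozilla:install-manifest">'
    '<em:name>Example Hosted Add-on</em:name></Description></RDF>',
]

def audit_all(manifests):
    return [audit_manifest(m) for m in manifests]

if __name__ == "__main__":
    for name, url, verdict in audit_all(SAMPLES):
        print(f"{verdict:13} {name:22} {url or '-'}")
```
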

Source: [H]ard|OCP