Evil side of Firefox extensions

Discussion in 'other security issues & news' started by StevieO, Mar 2, 2006.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    http://seclists.org/lists/bugtraq/2006/Mar/0016.html


    StevieO
     
    Last edited by a moderator: Mar 4, 2006
  2. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    You need to run a script to install an extension, and noscript blocks this so it isn't a problem. Firefox always warns when a source is trying to install an extension, so I don't see how this is a danger?

    Alphalutra1
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    That´s why I think all plugins/extensions for browsers like FF and Maxthon should be first tested (by pros) plus they should be available from only one central site. Good idea or not? :)
     
    Last edited: Mar 2, 2006
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    This comes back to good old advice - download from reputable sources.
    Like addons.mozilla for instance...
    Mrk
     
  5. GUI_Tex

    GUI_Tex Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    189
  6. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    It's a danger only if there is some way to bypass the site whitelisting process
    and those are bugs that should be fixed. But so what, the same problems can exist for ActiveX where ways are found to install and run Activex despite your settings.

    The masses (even the 'knowledgable' masses here) have being edcuated that Activex = bad. Some might even know the reason why ActiveX is dangerous compared to say javascript which is less so.

    But the notion that Firefox extensions can be equally dangerous has not, I suspect trickled down to the masses yet. Anything bad an activeX control can do, a firefox extension can do as well......
     
Loading...
Thread Status:
Not open for further replies.