Hijacking Firefox Via Insecure Add-Ons RRS feed

  • Question

  • An anonymous reader writes "Many makers of extensions or add-ons for Firefox are introducing ways for bad guys to hijack the Web browser, new research suggests. A great many add-ons are updated over insecure (non https://) connections, providing an avenue for attackers to replace the extension with an evil update. Google's add-ons are particularly vulnerable, because they update automatically without notifying the user. From the story: 'Ideaf an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore — a fairly trivial attack given the myriad free, point-and-click hacking tools available today — he could also intercept this update process and replace a Firefox add-on with a malicious one.'"
    Thursday, May 31, 2007 1:15 PM

All replies

  • I thought firefox was a secure one.. Oops , there are loop-holes there too...
    Thursday, May 31, 2007 4:26 PM
  • The loopholes are not in firefox but in the plugin that are  distributed through unrecognised or improper sites.So, one should make it a point to install plugins from Mozilla sites only.

    Also,this is not a general news but a persons views and they are not even telling his name so it may be true that these all turn out to be false

    I gave this news to tell all users to install add-ons from Mozilla sites only.
    Thursday, May 31, 2007 4:44 PM
  • So, atlast even firefox is geeting hijacked...it had to..because it was a newbie in the market so hackers qwere still busy hacking it, but as and when the times progresses, it will also be vulnerable just like , people used to compare that IE is much more prone to security risks


    But i can bet and say that, if firefox stays in the market the same number of tyears IE is staying then, time will surely come when firefox will get hijhacked.....


    IE still rocks for me...

    Wednesday, June 6, 2007 8:25 AM
  • People attack what is more popular Smile
    Wednesday, June 6, 2007 6:00 PM
  • very great find!!!
    Saturday, June 9, 2007 11:50 AM