In association with heise online

20 November 2009, 17:57

Security vulnerabilities in add-ons imperil Firefox users

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security experts have found security problems in several popular Firefox extensions. They warn that using some plug-ins can impact the security of the entire system.

One reason for Firefox's popularity is the ability to extend it using add-ons. Some, such as NoScript, even offer improved security when surfing. There is, however, a fundamental problem – there is no defined border between the browser and the add-ons. The result is that security vulnerabilities in Firefox extensions can imperil the entire system. This is exacerbated by the fact that for many add-on developers add-on development is just a hobby and they are often far less security-savvy than the developers that work on the browser itself.

According to a recent report, security experts at a conference in India took a closer look at the problem and demonstrated exploits – including some zero-day – in several popular Firefox extensions. According to the report, RSS reader Sage versions 1.4.3 and earlier, InfoRSS and social networking add-on Yoono 6.1.1 all contain critical security vulnerabilities.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit