Security vulnerabilities in add-ons imperil Firefox users
Security experts have found security problems in several popular Firefox extensions. They warn that using some plug-ins can impact the security of the entire system.
One reason for Firefox's popularity is the ability to extend it using add-ons. Some, such as NoScript, even offer improved security when surfing. There is, however, a fundamental problem – there is no defined border between the browser and the add-ons. The result is that security vulnerabilities in Firefox extensions can imperil the entire system. This is exacerbated by the fact that many add-on developers treat add-on development as just a hobby and are often far less security-savvy than the developers who work on the browser itself.
According to a recent report, security experts at a conference in India took a closer look at the problem and demonstrated exploits – including some zero-days – in several popular Firefox extensions. The report states that RSS reader Sage versions 1.4.3 and earlier, InfoRSS 126.96.36.199 and social networking add-on Yoono 6.1.1 all contain critical security vulnerabilities.
- Firefox 3.6 locks down component directory, a report from The H.
- Vulnerability in Wikipedia Toolbar for Firefox, a report from The H.