Bugtraq mailing list archives
Firefox Observation Plugin Attack
From: "Ivan Buetler" <ivan.buetler () csnc ch>
Date: Wed, 27 Jan 2010 23:27:44 +0100
Hi, What is the level of trust we have to give into valuable firefox plugins? (potentially without checking the provided signatures or hashes, if available). Altering the plugin functionality into an observation plugin is just an easy task and I strongly recommend to work with empty firefox profiles. "./firefox -P --no-remote" Watch the movie on Hacking-Lab to understand the firefox observation hack. http://www.hacking-lab.com/download/ Regards Ivan Buetler Compass Security, Switzerland www.csnc.ch --- SWISS CYBER STORM III - WARGAMES - CTF - May 2011 ---
Current thread:
- Firefox Observation Plugin Attack Ivan Buetler (Jan 28)