Penetration Testing mailing list archives
Re: Malicious Mozilla/Firefox/Thunderbird/Etc Extension
From: Todd Haverkos <infosec () haverkos com>
Date: Mon, 14 Jul 2008 17:31:47 -0500
"Andrei Hanganu" <handrei () gmail com> writes:
I have recently started work on an XPCOM component for Firefox; astonished I was by the fact that in an XPI archive file one can include binary libraries (dll/so files) that get auto-loaded in Firefox via a precise function prototype. The problem is that the code in that component is allowed to do anything the user that runs Firefox has credentials to do. What I am curious about is if there have ever been reported malicious Mozilla extensions, and if, besides the signing of the addon, there is any other way to protect from such addons.
I vaguely recall this in March:

http://blog.trendmicro.com/malicious-firefox-extensions/

and, more recently, there was a big deal made of issues with the upgrade mechanism:

http://arstechnica.com/news.ars/post/20060726-7360.html

I'm sure there are better links for these issues but these are what came up in my traditional 20 seconds of search term creation. :-)

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
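An added example, not part of the original thread: a defender-side audit that lists native binaries packaged inside an XPI, the situation the quoted question describes. It identifies them by file signature rather than by extension and also looks inside nested ZIP/JAR members; the sample archive, its file names and the size cap are constructed assumptions.

```python
import io
import zipfile

# Well-known file signatures of native executable formats.
MAGIC = {
    b"MZ": "PE (Windows dll/exe)",
    b"\x7fELF": "ELF (Linux/Unix so)",
    b"\xfe\xed\xfa\xce": "Mach-O", b"\xfe\xed\xfa\xcf": "Mach-O",
    b"\xce\xfa\xed\xfe": "Mach-O", b"\xcf\xfa\xed\xfe": "Mach-O",
}
MAX_NESTED = 50 * 1024 * 1024  # assumed cap on nested archives read into memory

def find_native_code(data, prefix="", depth=0, max_depth=3):
    """Return [(path, kind)] for native binaries in an XPI (a ZIP) given as bytes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if info.is_dir():
                continue
            with z.open(info) as f:
                head = f.read(4)  # only the signature is needed
            path = prefix + info.filename
            kind = next((k for m, k in MAGIC.items() if head.startswith(m)), None)
            if kind:
                hits.append((path, kind))
            elif (head == b"PK\x03\x04" and depth < max_depth
                  and info.file_size <= MAX_NESTED):
                # Nested ZIP/JAR: recurse so a binary cannot hide one level down.
                hits += find_native_code(z.read(info), path + "!/", depth + 1, max_depth)
    return hits

def build_sample_xpi():
    """Constructed sample: a manifest, a fake DLL, and a JAR holding a fake .so."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as j:
        j.writestr("content/overlay.js", "// script only")
        j.writestr("lib/helper.so", b"\x7fELF" + b"\x00" * 12)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as x:
        x.writestr("install.rdf", "<RDF/>")
        x.writestr("components/sample.dll", b"MZ" + b"\x00" * 62)
        x.writestr("chrome/sample.jar", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for path, kind in find_native_code(build_sample_xpi()):
        print(f"{kind:22} {path}")
```

To audit a downloaded extension, pass the file's bytes to `find_native_code` before installing it; an empty result means no member starts with one of the listed signatures.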