Re: Malicious Mozilla/Firefox/Thunderbird/Etc Extension

[Alexandru Burciu <alexbu () gmail com>]

Hi Andrei,
Here's just a quick example of such threat:

FFsniFF (FireFox sniFFer) is a simple Firefox extension, which 
transforms your browser into the html form sniffer. Every time the user 
click on 'Submit' button, FFsniFF will try to find a non-blank password 
field in the form. If it's found, entire form (also with URL) is sent to 
the specified e-mail address. It also has the ability to hide itself in 
the 'Extensions manager'. This extension is meant to be as an example of 
the 'evil side of Firefox extensions'.

http://azurit.elbiahosting.sk/ffsniff/


On Mon, Jul 14, 2008 at 1:55 PM, Andrei Hanganu <handrei () gmail com> wrote:
> I have recently started work on a xpcom component for Firefox,
> astonished i was by the fact that in an XPI archive file one can
> include binary libraries (dll/so files) that get auto loaded in
> firefox via a precise function prototype. The problem is that the code
> in that component is allowed to do anything the user that runs firefox
> has credentials to do.
> Wham i am curious is if there have ever been reported malicious
> mozilla extensions, and if besides the signing of the addon is there
> any other way to protect from such addons.
>
> Andrei


--
Alexandru.Burciu
http://www.linkedin.com/in/alexbu

Attachment: signature.asc
Description: OpenPGP digital signature