Penetration Testing mailing list archives
Re: Malicious Mozilla/Firefox/Thunderbird/Etc Extension
From: Alexandru Burciu <alexbu () gmail com>
Date: Sat, 26 Jul 2008 22:25:11 +0300
Hi Andrei,

Here's just a quick example of such a threat:

FFsniFF (FireFox sniFFer) is a simple Firefox extension which transforms your browser into an HTML form sniffer. Every time the user clicks the 'Submit' button, FFsniFF will try to find a non-blank password field in the form. If one is found, the entire form (along with the URL) is sent to the specified e-mail address. It also has the ability to hide itself in the 'Extensions manager'. This extension is meant as an example of the 'evil side of Firefox extensions'.

http://azurit.elbiahosting.sk/ffsniff/

On Mon, Jul 14, 2008 at 1:55 PM, Andrei Hanganu <handrei () gmail com> wrote:

I have recently started work on an XPCOM component for Firefox, and I was astonished by the fact that in an XPI archive file one can include binary libraries (dll/so files) that get auto-loaded in Firefox via a precise function prototype. The problem is that the code in that component is allowed to do anything the user that runs Firefox has credentials to do. What I am curious about is whether there have ever been reported malicious Mozilla extensions, and whether, besides the signing of the add-on, there is any other way to protect from such add-ons.

Andrei
-- Alexandru.Burciu http://www.linkedin.com/in/alexbu
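
The question in this thread about XPI archives carrying native libraries suggests a pre-install check. The Python sketch below is an added example, not part of the original thread: it lists members of an XPI (a ZIP file) that look like native code and reports whether a signature block is present. All function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Magic bytes of native code formats that can be bundled in an XPI.
NATIVE_MAGIC = {
    b"MZ": "PE (Windows DLL/EXE)",
    b"\x7fELF": "ELF (Linux .so)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
}
NATIVE_SUFFIXES = (".dll", ".so", ".dylib")
MAX_NESTED = 20 * 1024 * 1024  # skip nested archives larger than this

def classify(name, head):
    """Return a label if the member looks like native code, else None."""
    for magic, label in NATIVE_MAGIC.items():
        if head.startswith(magic):
            return label
    if name.lower().endswith(NATIVE_SUFFIXES):
        return "native-library file name (unrecognised header)"
    return None

def audit_xpi(source, depth=0):
    """Audit an XPI given a path or file object; nested archives go 2 deep."""
    report = {"has_signature_block": False, "native": []}
    with zipfile.ZipFile(source) as xpi:
        for info in xpi.infolist():
            if info.is_dir():
                continue
            name, lower = info.filename, info.filename.lower()
            # Presence of a signature block only; it is not verified here.
            if lower.startswith("meta-inf/") and lower.endswith((".rsa", ".dsa")):
                report["has_signature_block"] = True
            with xpi.open(info) as member:
                head = member.read(4)
            label = classify(name, head)
            if label:
                report["native"].append((name, label))
            elif head == b"PK\x03\x04" and depth < 2 and info.file_size <= MAX_NESTED:
                inner = audit_xpi(io.BytesIO(xpi.read(info)), depth + 1)
                report["native"] += [(name + "!" + n, l) for n, l in inner["native"]]
    return report

def build_sample_xpi():
    """Constructed sample: a manifest plus one PE-headed 'component'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("install.rdf", "<RDF/>")
        z.writestr("components/helper.dll", b"MZ\x90\x00" + b"\x00" * 16)
    return io.BytesIO(buf.getvalue())
```

A non-empty `native` list means the extension ships code that runs outside the browser's script layer with the user's privileges, so it warrants review before installation whether or not a signature block is present.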