Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Malicious Mozilla/Firefox/Thunderbird/Etc Extension

From: Steve Friedl <steve () unixwiz net>
Date: Mon, 14 Jul 2008 12:33:55 -0700
On Mon, Jul 14, 2008 at 01:55:12PM +0300, Andrei Hanganu wrote:

I have recently started work on a xpcom component for Firefox,
astonished i was by the fact that in an XPI archive file one can
include binary libraries (dll/so files) that get auto loaded in
firefox via a precise function prototype. The problem is that the code
in that component is allowed to do anything the user that runs firefox
has credentials to do.


I don't know if there have been any prior reports of malicious Firefox
components, but I was very surprised to find that one cannot tell whether
a Firefox addon is code-bearing or not, and that Firefox has weaker
management facilities for things like this than IE/ActiveX.

I wrote about this in a Tech Tip some time ago:

        Comparing Security Implications of IE and Firefox add-ons
        http://www.unixwiz.net/techtips/browser-addins.html


Wham i am curious is if there have ever been reported malicious
mozilla extensions, and if besides the signing of the addon is there
any other way to protect from such addons.


I don't think this is something that a user can do anything about.

Steve

-- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve () unixwiz net

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: