Penetration Testing mailing list archives

Re: Malicious Mozilla/Firefox/Thunderbird/Etc Extension


From: Todd Haverkos <infosec () haverkos com>
Date: Mon, 14 Jul 2008 17:31:47 -0500

"Andrei Hanganu" <handrei () gmail com> writes:

I have recently started work on an XPCOM component for Firefox.
Astonished I was by the fact that in an XPI archive file one can
include binary libraries (dll/so files) that get auto loaded in
Firefox via a precise function prototype. The problem is that the code
in that component is allowed to do anything the user that runs Firefox
has credentials to do.
What I am curious about is whether there have ever been reported malicious
Mozilla extensions, and whether, besides the signing of the addon, there is
any other way to protect from such addons.

I vaguely recall this in March:

http://blog.trendmicro.com/malicious-firefox-extensions/

and, more recently, there was a big deal made of issues with the
upgrade mechanism:

http://arstechnica.com/news.ars/post/20060726-7360.html

I'm sure there are better links for these issues but these are what
came up in my traditional 20 seconds of search term creation.  :-) 

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
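
An added example, not part of the original posts: because the question above notes that an XPI archive can carry dll/so files, one defensive check before installing a package is to list native binaries inside it by file content rather than by extension. It goes slightly beyond the thread by also descending into nested archives such as .jar files; the function names, size limit and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Leading bytes of common native executable / shared-library formats.
MAGICS = {
    b"MZ": "PE (Windows dll/exe)",
    b"\x7fELF": "ELF (Linux/Unix so)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal or Java class",
}
MAX_NESTED = 32 * 1024 * 1024  # assumed cap: skip larger nested archives

def find_native_code(data, prefix="", depth=0):
    """Return [(path, kind)] for archive members whose content is native code."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            with zf.open(info) as fh:
                head = fh.read(4)
            kind = next((k for m, k in MAGICS.items() if head.startswith(m)), None)
            if kind:
                hits.append((path, kind))
            elif head == b"PK\x03\x04" and depth < 3 and info.file_size <= MAX_NESTED:
                try:  # nested archive (e.g. a .jar): inspect its members too
                    hits += find_native_code(zf.read(info), path + "!/", depth + 1)
                except zipfile.BadZipFile:
                    pass  # looked like a ZIP but is not one; nothing to list
    return hits

def build_sample_xpi():
    """Constructed sample with harmless placeholder bytes, not a real extension."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("content/overlay.js", "// constructed\n")
        z.writestr("content/readme.txt", b"\x7fELF" + b"\x00" * 12)  # misnamed binary
    xpi = io.BytesIO()
    with zipfile.ZipFile(xpi, "w") as z:
        z.writestr("install.rdf", "<RDF/>")
        z.writestr("components/helper.dll", b"MZ" + b"\x00" * 14)
        z.writestr("chrome/sample.jar", jar.getvalue())
    return xpi.getvalue()
```

A hit only means the package ships native code that runs with the user's privileges, as the question describes; it says nothing about whether that code is malicious.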
