
A New Vector For Hackers -- Firefox Add-Ons

Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users.

By design, each Firefox extension -- any of a number of free software applications that can be added to the popular open-source browser -- is hard-coded with a unique Internet address that will contact the creator's update server each time Firefox starts. This feature lets the Firefox browser determine whether a new version of the add-on is available.

Mozilla has always provided a free hosting service for open-source extensions at But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore -- a fairly trivial attack given the myriad free, point-and-click hacking tools available today -- he could also intercept this update process and replace a Firefox add-on with a malicious one.
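An audit for the weakness described above, added here as an example and not taken from the article or from Mozilla: it classifies the update channel an extension declares. It assumes the legacy `install.rdf` manifest format with its `em:updateURL` and `em:updateKey` properties, which the article does not name; the verdict labels and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

EM = "http://www.mozilla.org/2004/em-rdf#"            # install.rdf property namespace
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"

def em_property(desc, name):
    """Read an em: property written either as a child element or as an attribute."""
    child = desc.find(f"{{{EM}}}{name}")
    if child is not None and child.text:
        return child.text.strip()
    value = desc.get(f"{{{EM}}}{name}")
    return value.strip() if value else None

def audit_manifest(xml_text):
    """Classify the update channel that one install.rdf document declares."""
    root = ET.fromstring(xml_text)
    for desc in root.iter(f"{{{RDF}}}Description"):
        about = desc.get(f"{{{RDF}}}about") or desc.get("about")
        if about != "urn:mozilla:install-manifest":
            continue
        url = em_property(desc, "updateURL")
        if url is None:
            verdict = "no-custom-url"        # no self-hosted update server declared
        elif urlparse(url).scheme == "https":
            verdict = "https"
        elif em_property(desc, "updateKey"):
            verdict = "http-signed"          # plain HTTP, but the update manifest is signed
        else:
            verdict = "http-unprotected"     # anyone on the network path can swap the update
        return {"id": em_property(desc, "id"), "updateURL": url, "verdict": verdict}
    raise ValueError("no install-manifest Description found")

# Constructed sample manifests (not taken from any real add-on).
WRAP = ('<RDF xmlns="' + RDF + '" xmlns:em="' + EM + '">'
        '<Description about="urn:mozilla:install-manifest">{}</Description></RDF>')
SAMPLES = {
    "plain-http": WRAP.format("<em:id>a@example.invalid</em:id>"
        "<em:updateURL>http://updates.example.invalid/a.rdf</em:updateURL>"),
    "signed-http": WRAP.format("<em:id>b@example.invalid</em:id>"
        "<em:updateURL>http://updates.example.invalid/b.rdf</em:updateURL>"
        "<em:updateKey>CONSTRUCTED-PLACEHOLDER-KEY</em:updateKey>"),
    "https": WRAP.format("<em:id>c@example.invalid</em:id>"
        "<em:updateURL>https://updates.example.invalid/c.rdf</em:updateURL>"),
    "hosted": WRAP.format("<em:id>d@example.invalid</em:id>"),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        print(name, audit_manifest(xml_text))
```

Only the `http-unprotected` verdict corresponds to the hot-spot scenario in the article. When the manifests come from untrusted archives, a hardened XML parser such as `defusedxml` is the safer choice.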

