Language Selection

English French German Italian Portuguese Spanish

A New Vector For Hackers -- Firefox Add-Ons

Filed under
Security

Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users.

By design, each Firefox extension -- any of a number of free software applications that can be added to the popular open-source browser -- is hard-coded with a unique Internet address that will contact the creator's update server each time Firefox starts. This feature lets the Firefox browser determine whether a new version of the add-on is available.

Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore -- a fairly trivial attack given the myriad free, point-and-click hacking tools available today -- he could also intercept this update process and replace a Firefox add-on with a malicious one.

Full Story.



More in Tux Machines

Top Web Browsers for Linux

No matter which Linux distro you prefer, I believe the web browser remains the most commonly used software application. In this article, I'll share the best browsers available to Linux users. Chrome – No matter how you feel about the Chrome browser, one only need to realize the following: Local news still streams in Flash and Chrome supports this. Netflix is supported using Chrome. And of course, Chrome is faster than any other browser out there. Did I mention the oodles of Chrome extensions available including various remote desktop solutions? No matter how you slice it, Chrome is king of the jungle. Read more

Linux Kernel 4.4.22 LTS Brings ARM and EXT4 Improvements, Updated Drivers

Immediately after announcing the release of Linux kernel 4.7.5, renowned kernel developer and maintainer Greg Kroah-Hartman informed the community about the availability of Linux kernel 4.4.22 LTS Read more

Tor Project Releases Tor (The Onion Router) 0.2.8.8 with Important Bug Fixes

The Tor Project announced recently the release of yet another important maintenance update to the stable Tor 0.2.8.x series of the open-source and free software to protect your anonymity while surfing the Internet. Read more

SODIMM-style i.MX7 COM features dual GbE, WiFi/BT, eMMC

Variscite’s Linux-driven “VAR-SOM-MX7” COM is shipping with an i.MX7 Dual SoC, WiFi and BLE, dual GbE, and optional eMMC and extended temp. support. Variscite’s VAR-SOM-MX7 follows many other Linux-ready computer-on-modules based on NXP’s i.MX7 SoC, which combines one or two power-stingy, 1GHz Cortex-A7 cores with a 200MHz Cortex-M4 MCU for real-time processing. While most of these offer a choice of a Solo or Dual model, and the NXP/Element14 WaRP7 offers only the Solo, the SODIMM-style VAR-SOM-MX7 taps the dual-core Dual. Unlike most of these modules, but like the WaRP7 and the CompuLab CL-SOM-iMX7, Variscite’s entry offers onboard WiFi and Bluetooth, in this case Bluetooth 4.1 with BLE. Read more