
A New Vector For Hackers -- Firefox Add-Ons


Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users.

By design, each Firefox extension -- any of a number of free software applications that can be added to the popular open-source browser -- is hard-coded with a unique Internet address that it uses to contact the creator's update server each time Firefox starts. This feature lets the Firefox browser determine whether a new version of the add-on is available.

Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore -- a fairly trivial attack given the myriad free, point-and-click hacking tools available today -- he could also intercept this update process and replace a Firefox add-on with a malicious one.
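An added example, not part of the original article: a defender-side audit that classifies how each installed add-on's update check is protected in transit. It assumes the legacy `install.rdf` manifest format, in which a self-hosted update server is declared as `em:updateURL` and a signing key for update manifests as `em:updateKey`; the sample manifests, add-on ids and example.org hosts are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

EM = "http://www.mozilla.org/2004/em-rdf#"  # namespace of em: properties in install.rdf

def _em_value(root, name):
    """Return an em: property written either as a child element or as an attribute."""
    tag = "{%s}%s" % (EM, name)
    for node in root.iter():
        if node.tag == tag and node.text and node.text.strip():
            return node.text.strip()
        if node.get(tag):
            return node.get(tag).strip()
    return None

def classify_update_channel(install_rdf):
    """Classify one add-on's update channel from its install.rdf text."""
    root = ET.fromstring(install_rdf)
    url = _em_value(root, "updateURL")
    if url is None:
        return "default"       # no custom update server declared in the manifest
    if urlparse(url).scheme == "https":
        return "https"         # transport authenticates the update server
    # Plain HTTP: integrity then depends on a signed update manifest (em:updateKey).
    return "http-signed" if _em_value(root, "updateKey") else "insecure"

def audit(manifests):
    """Map add-on name -> verdict for a dict of name -> install.rdf text."""
    return {name: classify_update_channel(text) for name, text in manifests.items()}

# Constructed sample manifests; ids, hosts and key value are placeholders.
_TEMPLATE = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>%s</em:id>
    %s
  </Description>
</RDF>"""
_HTTP = "<em:updateURL>http://updates.example.org/update.rdf</em:updateURL>"
SAMPLES = {
    "hosted": _TEMPLATE % ("hosted@example.org", ""),
    "tls": _TEMPLATE % ("tls@example.org", _HTTP.replace("http://", "https://")),
    "plain": _TEMPLATE % ("plain@example.org", _HTTP),
    "signed": _TEMPLATE % ("signed@example.org",
                           _HTTP + "<em:updateKey>PLACEHOLDER-KEY</em:updateKey>"),
}
```

Add-ons reported as `insecure` are the ones whose update check can be tampered with on an untrusted network, so they are the candidates for removal or for moving to an HTTPS update server.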
