Language Selection

English French German Italian Portuguese Spanish

A New Vector For Hackers -- Firefox Add-Ons

Filed under
Security

Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users.

By design, each Firefox extension -- any of a number of free software applications that can be added to the popular open-source browser -- is hard-coded with a unique Internet address that will contact the creator's update server each time Firefox starts. This feature lets the Firefox browser determine whether a new version of the add-on is available.

Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore -- a fairly trivial attack given the myriad free, point-and-click hacking tools available today -- he could also intercept this update process and replace a Firefox add-on with a malicious one.

Full Story.



More in Tux Machines

Nvidia 361.45.11 Graphics Driver Released for Linux, FreeBSD and Solaris Systems

Today, May 24, 2016, Nvidia released a new long-lived graphics drivers for Unix users, version 361.45.11, available now for GNU/Linux, FreeBSD, and Solaris operating systems. Read more Also: New NVIDIA 361 Linux Driver Released

Android Leftovers

NVIDIA vs. AMD OpenGL & Vulkan Benchmarks With Valve's Dota 2

Yesterday marked the public availability of Dota 2 with a Vulkan renderer after Valve had been showing it off for months. This is the second commercial Linux game (after The Talos Principle) to sport a Vulkan renderer and thus we were quite excited to see how this Dota 2 Vulkan DLC is performing for both NVIDIA GeForce and AMD Radeon graphics cards. Here are our initial Dota 2 benchmarks with Vulkan as well as OpenGL for reference when using the latest Linux graphics drivers on Ubuntu. Read more

Why Hyperledger wants to be the ‘Linux of blockchain’

Blockchain technology offers many different benefits to enterprise developers — but there’s no cross-industry open standard for how to develop it. That makes it difficult for vendors and CIO customers to place their bets and begin building it into their technology architecture. Hyperledger, a Linux Foundation project to produce a standard open-source blockchain, wants to solve that problem, and it just got an executive director, Brian Behlendorf, to help it on its way. He founded the Apache Software Foundation, was previously on the board of the Mozilla Foundation and the Electronic Frontier Foundation, and managed tech VC firm Mithril Capital Management. Read more