Language Selection

English French German Italian Portuguese Spanish

A New Vector For Hackers -- Firefox Add-Ons

Filed under
Security

Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users.

By design, each Firefox extension -- any of a number of free software applications that can be added to the popular open-source browser -- is hard-coded with a unique Internet address that will contact the creator's update server each time Firefox starts. This feature lets the Firefox browser determine whether a new version of the add-on is available.

Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore -- a fairly trivial attack given the myriad free, point-and-click hacking tools available today -- he could also intercept this update process and replace a Firefox add-on with a malicious one.

Full Story.



More in Tux Machines

Android Leftovers

GNOME Shell vs. KDE Plasma Graphics Tests On Wayland vs. X.Org Server

A premium member this week had requested some benchmarks of openSUSE Tumbleweed when looking at the performance of KDE Plasma vs. GNOME Shell in some open-source graphics/gaming tests while also looking at the Wayland vs. X.Org Server performance. With KDE Plasma 5.12 that openSUSE Tumbleweed has picked up, there is much better Wayland session support compared to previous releases. While KDE developers aren't yet ready to declare their Wayland session the default, in my experience so far it's been working out very well but still routinely will find application crashes in Kate and the like when testing under the KWin's Wayland compositor. Read more

Stable kernels 4.15.6, 4.14.22, 4.9.84, 4.4.118 and 3.18.96

Android Leftovers