Language Selection

English French German Italian Portuguese Spanish

Silent installs of add-ons still possible in Firefox

Filed under
Moz/FF

A security researcher has demonstrated how it is still possible to silently install extensions, or as Mozilla calls them add-ons, for the open source Firefox web browser. In a blog post, Julian Sobrier of ZScaler detailed the process, which makes use of the fact that Firefox uses an Sqlite3 database to maintain information about which add-ons are installed and, of those, which ones have been approved by the user.

This feature, introduced in Firefox 8, was designed to stop toolbars and other applications adding in their own add-ons without informing the user. Sobrier's technique shows though that the mechanism is relatively easy to overcome. Add-ons have privileged access to the browser and therefore a malicious add-on could do anything including stealing the user's history, modifying pages' contents or disabling security features in the browser.

rest here




More in Tux Machines

Android Leftovers

Leftovers: OSS

Ubuntu 16.04 Review: What’s New for Desktop Users

Ubuntu is a tricky distribution. As much as I love it on my home server, my desktop is a different ballgame. In my experience, releases between LTS versions have many new technologies that may or may not survive in the next LTS. There were many technologies or features that Canonical thought were ambitious -- HUD, experimenting with menus, online dash search, Ubuntu Software Center, etc. -- but they were abandoned. So, if I were to use Ubuntu on my desktop, I would still choose LTS. Read more

Workflow and efficiency geek talks Drush and Drupal

I started using Drupal because I needed an open source content management system (CMS) to use in several community projects. One of the projects I was involved with was just getting started and had narrowed its CMS selection down to either Drupal or Joomla. At the time I was using a different framework, but I had considered Drupal in the past and knew that I liked it a lot better than Joomla. I convinced them to go with the new Drupal 6 release and converted all of my other projects for consistency. I started working with Drush because I wanted a unified mechanism to work with local and remote sites. My first major contribution to Drush was site aliases and sql-sync in Drush 3. Read more