Language Selection

English French German Italian Portuguese Spanish

Silent installs of add-ons still possible in Firefox

Filed under
Moz/FF

A security researcher has demonstrated how it is still possible to silently install extensions, or as Mozilla calls them add-ons, for the open source Firefox web browser. In a blog post, Julian Sobrier of ZScaler detailed the process, which makes use of the fact that Firefox uses an Sqlite3 database to maintain information about which add-ons are installed and, of those, which ones have been approved by the user.

This feature, introduced in Firefox 8, was designed to stop toolbars and other applications adding in their own add-ons without informing the user. Sobrier's technique shows though that the mechanism is relatively easy to overcome. Add-ons have privileged access to the browser and therefore a malicious add-on could do anything including stealing the user's history, modifying pages' contents or disabling security features in the browser.

rest here




More in Tux Machines

Ubuntu Touch OTA-4 Update to Let Users Import SIM Contacts

A fresh OTA update is being prepared for Ubuntu Touch, and it should land soon. Developers have released some of the most important improvements that will be implemented in the upcoming release. Read more

Fedora Tools

  • Future Plans For Changing Fedora's Installer
    Over the last couple weeks there has been an "Anaconda Wishlist" thread occurring on Fedora's desktop mailing list. The thread, and the associated Workstation Working Group meeting, are directed at the future of the Fedora Anaconda Installer.
  • Tweak Your Fedora 22 Desktop Using Fedy And PostinstallerF
    None of the Linux distributions comes with all essential applications for daily usage, Agree? You have to install additional Repositories, softwares like Chrome, Flash player, Java or something in order to get a perfect distro for the daily usage. We can do it in two methods. First, you can manually search and install all the required softwares one by one, and the second one is you can use a tool that will help you to find and install all essential applications from one place. Which method would you prefer? I prefer the second method most, not because it is easy, but also it saves some time.
  • 27 ‘DNF’ (Fork of Yum) Commands for RPM Package Management in Linux

Red Hat CEO: Public cloud "obscenely expensive at scale"

Whitehurst believes Amazon Web Services (AWS) makes sense for test and dev, but it can't compete with private cloud at scale. Do you agree? Read more Also:

Intel Gets 'Clear' About Linux and Containers

Imad Sousou, VP in Intel's Software and Services Group and GM of the Intel Open Source Technology Center, discusses the Clear Linux and Clear container efforts. Read more