Language Selection

English French German Italian Portuguese Spanish

Silent installs of add-ons still possible in Firefox

Filed under
Moz/FF

A security researcher has demonstrated how it is still possible to silently install extensions, or as Mozilla calls them add-ons, for the open source Firefox web browser. In a blog post, Julian Sobrier of ZScaler detailed the process, which makes use of the fact that Firefox uses an Sqlite3 database to maintain information about which add-ons are installed and, of those, which ones have been approved by the user.

This feature, introduced in Firefox 8, was designed to stop toolbars and other applications adding in their own add-ons without informing the user. Sobrier's technique shows though that the mechanism is relatively easy to overcome. Add-ons have privileged access to the browser and therefore a malicious add-on could do anything including stealing the user's history, modifying pages' contents or disabling security features in the browser.

rest here




More in Tux Machines

Ubuntu Linux 15.04 Vivid Vervet Beta Mate Flavor

Ubuntu Linux 15.04 will be released in April. There is not a lot new for the average desktop user in the new release, as far as I can tell. One good “change” is a feature called “locally integrated menus.” This is where the menus are, by default, where they are supposed to be, instead of, well, invisible until you stab at the menu bar that must reside at the top of your screen in Ubuntu with Unity. Then the menu appears and maybe you can use it. That was a bad idea, and over the last few revisions of Ubuntu with Unity, the top menu bar menus have slowly gone away, first as something you could make go away by tweaking around, then an option to make them go away, and finally, they went away (but you can have the annoying disappearing menus if you want). Read more

Valve Is Showing That Steam Is Finally Shaking Off the Windows Dependency

If anyone had any doubts about the commitment of Valve to the Linux operating systems, they should be put to rest with the latest SteamOS sale. It just shows how serious the company really is and that it will carry out its promises, of breaking the Windows monopoly on gaming. Read more

Raspberry Pi 2 review

The new Raspberry Pi 2 proclaims that it is 6x faster than the original Pi, taking the original machine to a new level. The big leaps focus on the processor and memory, with the machine now replacing a single core CPU with a quad core Broadcom BCM2836 CPU. The RAM has jumped to a very respectable 1GB. Read more

Compulab Utilite2 Ubuntu mini PC now available for $192 and up

CompuLab’s Utilite2 is a tiny computer with a Qualcomm Snapdragon 600 processor and support for Ubuntu Linux or Google Android software. The company unveiled the 3.4″ x 2.3″ x 1.1″ computer in December, and now it’s available for purchase. Read more