Language Selection

English French German Italian Portuguese Spanish

Silent installs of add-ons still possible in Firefox

Filed under
Moz/FF

A security researcher has demonstrated how it is still possible to silently install extensions, or as Mozilla calls them add-ons, for the open source Firefox web browser. In a blog post, Julian Sobrier of ZScaler detailed the process, which makes use of the fact that Firefox uses an Sqlite3 database to maintain information about which add-ons are installed and, of those, which ones have been approved by the user.

This feature, introduced in Firefox 8, was designed to stop toolbars and other applications adding in their own add-ons without informing the user. Sobrier's technique shows though that the mechanism is relatively easy to overcome. Add-ons have privileged access to the browser and therefore a malicious add-on could do anything including stealing the user's history, modifying pages' contents or disabling security features in the browser.

rest here




More in Tux Machines

Apple OS X 10.10 vs. Ubuntu 14.10 Performance

While I delivered some OS X 10.10 Yosemite preview benchmarks back in August, here's my first tests of the official release of Apple OS X 10.10.1 compared to Ubuntu 14.10 Linux. Tests were done of OS X 10.9.5 and OS X 10.10.1 against Ubuntu 14.10 Utopic Unicorn when running the benchmarks under both GCC and LLVM Clang compilers. Read more

Fedora 21 review

It's been a while since my last upgrade and there has also been a gap to the latest Fedora 21 release, so now seemed like a good time. I upgraded my laptop by installing over the existing root partition but leaving the /home partition in place to maintain all my settings and files. I wasn't able to even attempt this in the Fedora 16 installer, but it was easy enough in the Fedora 21 installer and it worked surprisingly well. Downtime was only 20 minutes or so for the installation, though a couple of hours was needed to investigate various new settings etc. Read more

Rescatux Is a Useful Tool to Fix Grub and Promote Windows Users to Admin

Rescatux, a Linux distribution that allows users to perform all kinds of rescue operations with the help of an easy-to-use wizard called Rescapp, has been upgraded to version 0.32 Beta 3, and the developer has made a number of important fixes. Read more

Finland’s Innovillage spurs open development of e-gov services

Finlands Innovillage - an online collaborative platform for the development and implementation of new government service models and practices - shows that innovation demands an open process that involves users, professionals, managers, experts and policy-makers. “Fundamentally, e-government innovation needs to be open and allow participation”, says Pasi Pohjola, coordinator of Finland’s Development Programme for Social Welfare and Healthcare. Read more