Language Selection

English French German Italian Portuguese Spanish

Silent installs of add-ons still possible in Firefox

Filed under
Moz/FF

A security researcher has demonstrated how it is still possible to silently install extensions, or as Mozilla calls them add-ons, for the open source Firefox web browser. In a blog post, Julian Sobrier of ZScaler detailed the process, which makes use of the fact that Firefox uses an Sqlite3 database to maintain information about which add-ons are installed and, of those, which ones have been approved by the user.

This feature, introduced in Firefox 8, was designed to stop toolbars and other applications adding in their own add-ons without informing the user. Sobrier's technique shows though that the mechanism is relatively easy to overcome. Add-ons have privileged access to the browser and therefore a malicious add-on could do anything including stealing the user's history, modifying pages' contents or disabling security features in the browser.

rest here




More in Tux Machines

Manjaro Xfce 0.9.0 Pre2 Arrives with Lots of Fixes, Already Looks Promising

Manjaro Xfce 0.9.0 Pre2, a Linux distribution based on well-tested snapshots of the Arch Linux repositories and 100% compatible with Arch, has been released. The devs have made quite a few improvements to it and users have been asked to test it. Read more

Good Guy NVIDIA Releases New Linux Legacy Driver for Users with Old Cards

NVIDIA has released a new branch of Legacy drivers for the Linux platform and they are the most advanced versions you can get right now for old video cards. Read more

5 Reasons Your Company Should Open Source More Code

Given intense competition for the world's best engineering talent, can your company really afford to lock up its code behind proprietary licenses? Sure, if you're in the business of selling software, giving it all away may not make sense. But the vast majority of companies don't sell software, and should be contributing a heck of a lot more as open source. Read more

Docker chief operator: Why the open source container project is taking a new shape

With a quadrupling of contributors over the past year, the open-source Docker container project has unveiled a new structure aimed at dealing with that accelerating growth. The reorganisation, which itself went through the community's design process, is intended to increase Docker's openness and accessibility, and enable the project to increase in size massively without affecting core qualities, such as response times and good communication. Read more