Language Selection

English French German Italian Portuguese Spanish

Silent installs of add-ons still possible in Firefox

Filed under

A security researcher has demonstrated how it is still possible to silently install extensions, or as Mozilla calls them add-ons, for the open source Firefox web browser. In a blog post, Julian Sobrier of ZScaler detailed the process, which makes use of the fact that Firefox uses an Sqlite3 database to maintain information about which add-ons are installed and, of those, which ones have been approved by the user.

This feature, introduced in Firefox 8, was designed to stop toolbars and other applications adding in their own add-ons without informing the user. Sobrier's technique shows though that the mechanism is relatively easy to overcome. Add-ons have privileged access to the browser and therefore a malicious add-on could do anything including stealing the user's history, modifying pages' contents or disabling security features in the browser.

rest here

More in Tux Machines

Fedora 21 Through Fedora 23 Performance On An Apple MacBook Air

The latest Linux benchmarks I ran this weekend in welcoming the new Phoronix Premium subscribers participating in our Black Friday deal are some MacBook Air benchmarks on Fedora 21, Fedora 22, and Fedora 23. Read more

An Everyday Linux User Review Of Chakra Linux 2015.11 "Fermi"

Chakra probably also isn't for you if you are a casual computer user who has chosen Linux because you prefer it to Windows but you still like it to be straight forward with perhaps menus, point and click installers and straight forward connections to your hardware. Chakra might be for you however if you have been using Linux for quite some time and you are looking to have more control, use the command line a little more and have a closer affinity with how things really work. Read more