Language Selection

English French German Italian Portuguese Spanish

Silent installs of add-ons still possible in Firefox

Filed under
Moz/FF

A security researcher has demonstrated how it is still possible to silently install extensions, or as Mozilla calls them add-ons, for the open source Firefox web browser. In a blog post, Julian Sobrier of ZScaler detailed the process, which makes use of the fact that Firefox uses an Sqlite3 database to maintain information about which add-ons are installed and, of those, which ones have been approved by the user.

This feature, introduced in Firefox 8, was designed to stop toolbars and other applications adding in their own add-ons without informing the user. Sobrier's technique shows though that the mechanism is relatively easy to overcome. Add-ons have privileged access to the browser and therefore a malicious add-on could do anything including stealing the user's history, modifying pages' contents or disabling security features in the browser.

rest here




More in Tux Machines

OpenSUSE 13.2 Beta

Migrating From Windows 7 To Ubuntu: The Ultimate Guide

Despite what all the Linux haters say, choosing Ubuntu is logical and migrating from Windows 7 to Ubuntu is a breeze. This article summarizes the process and provides solutions to some of the most common beginner hiccups. The Windows Vs Mac Vs Linux debate has been going on for years and doesn’t look to be settled anytime soon. If you are a Windows 7 user and still haven’t made the switch to Windows 8, you may want to consider migrating to Ubuntu 14.04, the latest Linux distro from Ubuntu. In addition to strong support from developers and a massive software repository, it’s free, faster and safer than Windows. Read more

7 killer open source monitoring tools

Network and system monitoring is a broad category. There are solutions that monitor for the proper operation of servers, network gear, and applications, and there are solutions that track the performance of those systems and devices, providing trending and analysis. Some tools will sound alarms and notifications when problems are detected, while others will even trigger actions to run when alarms sound. Here is a collection of open source solutions that aim to provide some or all of these capabilities. Read more

Reader Forum: Accelerating ‘IoT’ with an open-source, embedded platform for connected applications

Providing an end-to-end solution for building and deploying new connected applications extremely quickly, at scale, and at a fraction of the cost compared to conventional processes is key to streamlining M2M development. And, using an open-source, Linux-based platform, companies can run applications on any vendor’s hardware and use any cloud management platform. Read more