Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Evil side of Firefox extensions
From: "Mike Owen" <kyphros () gmail com>
Date: Wed, 1 Mar 2006 12:07:22 -0800
On 3/1/06, azurIt <azurit () pobox sk> wrote:

the internet. The worst of all is that _anyone_, who has physical access to
your computer, can install extensions into your browser _without_ your
notification.


Not on a multi-user system. For example, on this Linux workstation, I
can install extensions for myself, but other users can't use them
because they are installed into my ~/.mozilla/firefox/blah/extensions
directory. If they are installed by root, then everyone can use them
because they are installed into /opt/firefox/extensions. If you give
everyone full access to your workstation, you deserve the
consequences.

Mike

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]