Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Malicious Mozilla/Firefox/Thunderbird/Etc Extension
From: Alexandru Burciu <alexbu () gmail com>
Date: Sat, 26 Jul 2008 22:25:11 +0300

Hi Andrei,
Here's just a quick example of such threat:

FFsniFF (FireFox sniFFer) is a simple Firefox extension, which transforms your browser into the html form sniffer. Every time the user click on 'Submit' button, FFsniFF will try to find a non-blank password field in the form. If it's found, entire form (also with URL) is sent to the specified e-mail address. It also has the ability to hide itself in the 'Extensions manager'. This extension is meant to be as an example of the 'evil side of Firefox extensions'.

http://azurit.elbiahosting.sk/ffsniff/


On Mon, Jul 14, 2008 at 1:55 PM, Andrei Hanganu <handrei () gmail com> wrote:
I have recently started work on a xpcom component for Firefox,
astonished i was by the fact that in an XPI archive file one can
include binary libraries (dll/so files) that get auto loaded in
firefox via a precise function prototype. The problem is that the code
in that component is allowed to do anything the user that runs firefox
has credentials to do.
Wham i am curious is if there have ever been reported malicious
mozilla extensions, and if besides the signing of the addon is there
any other way to protect from such addons.

Andrei



--
Alexandru.Burciu
http://www.linkedin.com/in/alexbu

Attachment: signature.asc
Description: OpenPGP digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault