Home page logo

pen-test logo Penetration Testing mailing list archives

Malicious Mozilla/Firefox/Thunderbird/Etc Extension
From: "Andrei Hanganu" <handrei () gmail com>
Date: Mon, 14 Jul 2008 13:55:12 +0300

I have recently started work on a xpcom component for Firefox,
astonished i was by the fact that in an XPI archive file one can
include binary libraries (dll/so files) that get auto loaded in
firefox via a precise function prototype. The problem is that the code
in that component is allowed to do anything the user that runs firefox
has credentials to do.
Wham i am curious is if there have ever been reported malicious
mozilla extensions, and if besides the signing of the addon is there
any other way to protect from such addons.


This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]