The Dangers of Firefox Extensions

Author: Donald Sears

November 20, 2009 3:41 pm

At the SecurityByte & OWASP AppSec Conference in India, Roberto Suggi Liverani and Nick Freeman offered insight into the substantial danger posed by Firefox extensions. Mozilla doesn’t have a security model for extensions and Firefox fully
trusts the code of the extensions. There are no security boundaries
between extensions and, to make things even worse, an extension can
silently modify another extension. Read the full article. [Help Net Security]

At the SecurityByte & OWASP AppSec Conference in India, Roberto Suggi Liverani and Nick Freeman offered insight into the substantial danger posed by Firefox extensions. Mozilla doesn’t have a security model for extensions and Firefox fully
trusts the code of the extensions. There are no security boundaries
between extensions and, to make things even worse, an extension can
silently modify another extension. Read the full article. [Help Net Security]

Suggested articles

facebook silentfade ad malware

Years-Long ‘SilentFade’ Attack Drained Facebook Victims of $4M

Facebook detailed an ad-fraud cyberattack that’s been ongoing since 2016, stealing Facebook credentials and browser cookies.

web browsing safe browser padlock not enough

Why Web Browser Padlocks Shouldn’t Be Trusted

Popular ‘safe browsing’ padlocks are now passe as a majority of bad guys also use them.

mozilla firefox security flaw

Firefox 81 Release Kills High-Severity Code-Execution Bugs

Mozilla has fixed three high-severity flaws with the release of Firefox 81 and Firefox ESR 78.3.