Hackers are interested in Firefox extensions
Firefox extensions are the weakest spot in the security of this free browser. At the time of launch, each extension initiates a connection to the remote server to check for updates. The problem is that these updates can be on the "left" hosting and transmitted over an unprotected protocol. According to some experts, an attacker can easily intercept such a connection, for example, by infiltrating the wireless data transmission channel from a public hotspot.
American student Chris Soghoian (Chris Soghoian) describes in detail the vulnerability and lists the potentially vulnerable extensions that are distributed from someone else's hosting using an unprotected protocol. Among them, Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker and many others.
Firefox extensions are also dangerous because they are downloaded and installed regardless of user rights.
Chris Sogoyan says that the most vulnerable are the owners of the Google Pack , because this is the only extension that is updated automatically, so that the user does not even have the ability to stop a potentially harmful process.
')
How is hacking through the extension Firefox - shown in the video ( MOV ).
via Chris Sogoyan
American student Chris Soghoian (Chris Soghoian) describes in detail the vulnerability and lists the potentially vulnerable extensions that are distributed from someone else's hosting using an unprotected protocol. Among them, Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker and many others.
Firefox extensions are also dangerous because they are downloaded and installed regardless of user rights.
Chris Sogoyan says that the most vulnerable are the owners of the Google Pack , because this is the only extension that is updated automatically, so that the user does not even have the ability to stop a potentially harmful process.
')
How is hacking through the extension Firefox - shown in the video ( MOV ).
via Chris Sogoyan
Source: https://habr.com/ru/post/9213/
All Articles