Tracey Capen’s latest article, “Security issues with Flash Player and Firefox,” in Windows Secrets[/url] (paid) warns of a dangerous widespread security threat in Firefox and other Mozilla based browsers that I hope will soon be patched. Essentially most Firefox add-ons and plug-ins likely open up your browser to multiple hacks (redirects). This is really bad. Hopefully it is really a short lived threat.
read more about it here:
http://arstechnica.com/security/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/
“NoScript, Firebug, and other popular Firefox add-on extensions are opening millions of end users to a new type of attack that can surreptitiously execute malicious code and steal sensitive data, a team of researchers reported.
The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities. By piggybacking off the capabilities of trusted third-party add-ons, the malicious add-on faces much better odds of not being detected….”
[note: posted here because of its security threat. Could have posted in third party browser forum but it seemed more important here.]
