Network Security: Detailed info on Malicious Mozilla/Firefox/Thunderbird/Etc Extension

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Pen-Test

[Top] [All Lists]

Malicious Mozilla/Firefox/Thunderbird/Etc Extension

from [Andrei Hanganu] Network Security

[Permanent Link]

Subject:	Malicious Mozilla/Firefox/Thunderbird/Etc Extension
Date:	Mon, 14 Jul 2008 13:55:12 +0300

I have recently started work on a xpcom component for Firefox,
astonished i was by the fact that in an XPI archive file one can
include binary libraries (dll/so files) that get auto loaded in
firefox via a precise function prototype. The problem is that the code
in that component is allowed to do anything the user that runs firefox
has credentials to do.
Wham i am curious is if there have ever been reported malicious
mozilla extensions, and if besides the signing of the addon is there
any other way to protect from such addons.

Andrei

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Malicious Mozilla/Firefox/Thunderbird/Etc Extension, Andrei Hanganu <= Re: Malicious Mozilla/Firefox/Thunderbird/Etc Extension, Steve Friedl Re: Malicious Mozilla/Firefox/Thunderbird/Etc Extension, Todd Haverkos Re: Malicious Mozilla/Firefox/Thunderbird/Etc Extension, Alexandru Burciu

Previous by Date:	Wired captive portal pen-test, Roman Medina-Heigl Hernandez
Next by Date:	Re: Wired captive portal pen-test, Mike Hale
Previous by Thread:	Wired captive portal pen-test, Roman Medina-Heigl Hernandez
Next by Thread:	Re: Malicious Mozilla/Firefox/Thunderbird/Etc Extension, Steve Friedl
Indexes:	[Date] [Thread] [Top] [All Lists]