On 4/10/2016 5:36 AM, jb wrote:
Tor Browser users: NoScript and other popular Firefox add-ons open millions to new attack http://arstechnica.com/security/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/ TB supplies default extensions, from which two are TB project's own and should be subjected to an extension review process like those vetted by Mozilla. The researchers provide a CROSSFIRE tool to analyze them. Google search: CrossFire: An Analysis of Firefox Extension-Reuse Of course, one more reason to be careful about using add-ons in TB. jb
From same page:"Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities." "Besides NoScript, Video DownloadHelper, Firebug, Greasemonkey, and FlashGot Mass Down all contained bugs that made it possible for the malicious add-on to execute malicious code. Many of those apps, and many others analyzed in the study, also made it possible to steal browser cookies, control or access a computer's file system, or to open webpages to sites of an attacker's choosing."
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk