Remote Vulnerability in Firefox Extensions
- To: or-talk@xxxxxxxxxxxxx
- Subject: Remote Vulnerability in Firefox Extensions
- From: coderman <coderman@xxxxxxxxx>
- Date: Wed, 30 May 2007 00:00:40 -0700
- Delivery-date: Wed, 30 May 2007 03:00:50 -0400
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx

it would be trivial for a rogue exit to use this technique. public
wifi users should also take note.

check your firefox extensions!

A vulnerability exists in the upgrade mechanism used by a number of
high profile Firefox extensions. These include Google Toolbar, Google
Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar,
AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft
Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others,
mainly commercial extensions...

Users are vulnerable and are at risk of an attacker silently
installing malicious software on their computers. This possibility
exists whenever the user cannot trust their domain name server (DNS)
or network connection. Examples of this include public wireless
networks, and users connected to compromised home routers.
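
An added example, not part of the original post or the advisory it quotes: a defender-side audit that reads an extension's `install.rdf` manifest and reports whether the update URL it declares uses HTTPS. It assumes the exposure is an update check carried over a connection the user cannot trust, as the advisory describes; the sample manifests, extension names and example.com URLs are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
EM = "{http://www.mozilla.org/2004/em-rdf#}"
MANIFEST = "urn:mozilla:install-manifest"

def em_field(node, name):
    """install.rdf allows em: properties as attributes or as child elements."""
    value = node.get(EM + name)
    if value is None:
        value = node.findtext(EM + name)
    return value.strip() if value else None

def audit_manifest(rdf_text):
    """Classify the update channel declared by one install.rdf document."""
    for node in ET.fromstring(rdf_text).iter(RDF + "Description"):
        about = node.get(RDF + "about") or node.get("about")
        if about != MANIFEST:
            continue  # skip nested targetApplication descriptions
        url = em_field(node, "updateURL")
        if url is None:
            verdict = "no-custom-update-url"  # the manifest declares none
        elif urlparse(url).scheme.lower() == "https":
            verdict = "https"
        else:
            verdict = "untrusted-transport"  # http:// or any other scheme
        return {"name": em_field(node, "name"), "updateURL": url, "verdict": verdict}
    raise ValueError("no install-manifest description found")

# Constructed sample manifests for hypothetical extensions (not from the post).
SAMPLE_HTTP = """<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:name>Example Toolbar</em:name>
    <em:updateURL>http://updates.example.com/toolbar/update.rdf</em:updateURL>
    <em:targetApplication><Description><em:id>app@example.com</em:id></Description></em:targetApplication>
  </Description>
</RDF>"""

SAMPLE_HTTPS = """<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <rdf:Description rdf:about="urn:mozilla:install-manifest" em:name="Example Sync"
      em:updateURL="https://updates.example.com/sync/update.rdf"/>
</rdf:RDF>"""

if __name__ == "__main__":
    for sample in (SAMPLE_HTTP, SAMPLE_HTTPS):
        print(audit_manifest(sample))
```

Run it over the `install.rdf` of each installed extension; every `untrusted-transport` result is an extension whose update check depends on the network path being honest.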