
Re: [tor-talk] web browser add-on extensions vulnerabilities

On 4/10/2016 5:36 AM, jb wrote:
Tor Browser users:

NoScript and other popular Firefox add-ons open millions to new attack

TB supplies default extensions, of which two are the TB project's own and should
be subjected to an extension review process like those vetted by Mozilla.

The researchers provide a CROSSFIRE tool to analyze them.
Google search:
CrossFire: An Analysis of Firefox Extension-Reuse

Of course, one more reason to be careful about using add-ons in TB.

From the same page:
"Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities." "Besides NoScript, Video DownloadHelper, Firebug, Greasemonkey, and FlashGot Mass Down all contained bugs that made it possible for the malicious add-on to execute malicious code. Many of those apps, and many others analyzed in the study, also made it possible to steal browser cookies, control or access a computer's file system, or to open webpages to sites of an attacker's choosing."
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx