Mozilla enjoys a large development community to build add-ons for its Firefox browser. Now it seems all that development might not be a good thing. A security researcher in Indiana has found that the process used to update some of these add-ons automatically appears to be flawed, allowing criminal hackers to intercept the browser's call to the developer to see if there's a new version available. Worse, the most vulnerable add-ons aren't from vendors you've never heard of; they include brand-name sites like Google, Yahoo, Facebook, and LinkedIn.
[...]
Add-ons not vulnerable to this type of attack include NoScript, Greasemonkey, and AdBlock Plus. Secure add-ons can be downloaded from the official Firefox Add-ons website.
Soghoian says he contacted Google and other developers and told Mozilla and specific vendors about this vulnerability on April 16, 2007. Many vendors ignored him. Mozilla did work with some vendors, such as eBay, to fix the problem and has updated its developer site to include safe coding practices to guard against this attack. Abiding by the CERT vulnerability disclosure policy, Soghoian went public 45 days after notifying CERT and the vendors affected.