Firefox Is Not As Safe As You Think
March 5, 2013 Leave a comment
Firefox is widely regarded as a very secure web browser but even Firefox has some security issues. One of those is the ease with which a third-party application can sneak potentially malicious extensions into a user’s profile. See the demo at the end of this post that shows just how easy it can be. All an application has to do is to inject a few bits into the Firefox extensions. Normally Firefox checks to see if any extensions have been added from one launch to the next and users are shown an alert if a previously unknown extension is found. The injection neutralizes that check. By flipping the correct values, Firefox can be tricked into thinking that the extension has already been given the authorized by a user. It’s also possible to append malicious code to an existing extension instead of adding a new one. That would keep the malware from showing up in the Add-ons Manager.