Remote Vulnerability in Firefox Extensions

scar scar at drigon.com
Thu Jun 21 18:02:02 UTC 2007


coderman @ 2007/05/30 00:00:
> it would be trivial for a rogue exit to use this technique.  public
> wifi users should also take note.
> 
> check your firefox extensions!
> 
> http://paranoia.dubfire.net/2007/05/remote-vulnerability-in-firefox.html
> 
> """
> A vulnerability exists in the upgrade mechanism used by a number of
> high profile Firefox extensions. These include Google Toolbar, Google
> Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar,
> AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft
> Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others,
> mainly commercial extensions...
> 
> Users are vulnerable and are at risk of an attacker silently
> installing malicious software on their computers. This possibility
> exists whenever the user cannot trust their domain name server (DNS)
> or network connection. Examples of this include public wireless
> networks, and users connected to compromised home routers.
> """
> 
> best regards,
> 

It seems to me that many addons which are downloaded from https://addons.mozilla.org/ use different, non-https, addresses to check for and download updates.  I can see in Vidalia, after telling Firefox to check for updates, that many connections are made to port 80.  So, would this vulnerability exist with all of those addons as well?  How can I find out what address each addon uses to download updates?  Comments please on this observation.  Thanks.

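One way to answer the question above is to read the `install.rdf` manifest that each classic Firefox extension ships with: the `em:updateURL` field names the address the add-on polls for updates, and `em:updateKey` holds the public key used to verify a signed update manifest. The script below is an added example, not code from the list post, from Mozilla, or from the blog linked above; the manifests it parses are constructed samples, and the profile path and `example.test` hosts are placeholders. It reports each add-on's update address and flags the case the quoted post describes: an update channel over plain http with no update key, which anyone controlling DNS or the network path (a rogue exit, a public wifi operator) can answer in place of the vendor.

```python
"""Audit Firefox extension install.rdf manifests for insecure update channels.

Added example, not from the list post or from Mozilla.  Every classic
Firefox extension carries an install.rdf (RDF/XML); em:updateURL says where
it looks for updates and em:updateKey, when present, lets Firefox verify
that the update manifest it fetches was signed by the extension author.
"""
import os
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urlparse

EM = "http://www.mozilla.org/2004/em-rdf#"              # Mozilla extension manifest namespace
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"      # RDF namespace (root element)


def _field(desc, name):
    """Read em:<name>, which install.rdf may give as a child element or an attribute."""
    child = desc.find(f"{{{EM}}}{name}")
    if child is not None and child.text:
        return child.text.strip()
    return desc.get(f"{{{EM}}}{name}")


def audit_manifest(rdf_text):
    """Classify one install.rdf.  Returns {'id', 'update_url', 'verdict'}.

    verdict is one of:
      'default'       no em:updateURL, so the add-on uses Mozilla's own update check
      'https'         update manifest fetched over TLS
      'http-signed'   plain http, but an em:updateKey lets Firefox verify the manifest
      'http-unsigned' plain http and nothing to verify: the class of bug in the post
    """
    root = ET.fromstring(rdf_text)
    desc = root.find(f"{{{RDF}}}Description")   # top-level urn:mozilla:install-manifest node
    if desc is None:
        raise ValueError("no RDF Description element in manifest")
    url = _field(desc, "updateURL")
    key = _field(desc, "updateKey")
    if not url:
        verdict = "default"
    elif urlparse(url).scheme == "https":
        verdict = "https"
    elif key:
        verdict = "http-signed"
    else:
        verdict = "http-unsigned"
    return {"id": _field(desc, "id"), "update_url": url, "verdict": verdict}


def scan_extensions_dir(ext_dir):
    """Audit every unpacked extension directory or .xpi under a profile's extensions/ folder.

    ext_dir is a placeholder for something like ~/.mozilla/firefox/<profile>/extensions.
    """
    results = []
    for entry in sorted(os.listdir(ext_dir)):
        path = os.path.join(ext_dir, entry)
        if os.path.isdir(path) and os.path.isfile(os.path.join(path, "install.rdf")):
            with open(os.path.join(path, "install.rdf"), encoding="utf-8") as fh:
                results.append(audit_manifest(fh.read()))
        elif entry.endswith(".xpi") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as xpi:            # an .xpi is just a zip archive
                results.append(audit_manifest(xpi.read("install.rdf").decode("utf-8")))
    return results


# Constructed sample manifests (not real add-ons); one per verdict class.
_HEAD = ('<?xml version="1.0"?>\n<RDF xmlns="%s" xmlns:em="%s">\n' % (RDF, EM))
SAMPLES = {
    "unsigned": _HEAD + """  <Description about="urn:mozilla:install-manifest">
    <em:id>toolbar@example.test</em:id>
    <em:updateURL>http://updates.example.test/update.rdf</em:updateURL>
  </Description>
</RDF>""",
    "signed": _HEAD + """  <Description about="urn:mozilla:install-manifest"
     em:id="signed@example.test"
     em:updateURL="http://updates.example.test/signed.rdf"
     em:updateKey="CONSTRUCTED-PLACEHOLDER-PUBLIC-KEY" />
</RDF>""",
    "tls": _HEAD + """  <Description about="urn:mozilla:install-manifest">
    <em:id>tls@example.test</em:id>
    <em:updateURL>https://updates.example.test/update.rdf</em:updateURL>
  </Description>
</RDF>""",
    "amo": _HEAD + """  <Description about="urn:mozilla:install-manifest">
    <em:id>amo@example.test</em:id>
  </Description>
</RDF>""",
}


def audit_samples():
    """Run the audit over the constructed samples; maps add-on id to verdict."""
    return {r["id"]: r["verdict"] for r in (audit_manifest(s) for s in SAMPLES.values())}


if __name__ == "__main__":
    for ext_id, verdict in audit_samples().items():
        print(f"{ext_id:28s} {verdict}")
```

Running the block as-is prints one line per constructed sample; pointing `scan_extensions_dir` at a real profile's `extensions` directory lists the live add-ons the same way. Only the `http-unsigned` rows match the post's scenario, which is a property of the extension, not of Tor: a port-80 connection seen in Vidalia is only a problem if the add-on also has no way to verify what comes back.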

