Remote Vulnerability in Firefox Extensions

coderman coderman at gmail.com
Thu Jun 21 18:33:05 UTC 2007


On 6/21/07, scar <scar at drigon.com> wrote:
> ...
> it seems to me that many addons which are downloaded
> from https://addons.mozilla.org/ use different, non-https,
> addresses to check for and download updates.

the problem exists when non-https is used for updates. any plugins
getting updates via http port 80 would be vulnerable.


> would this vulnerability exist with all of those addons as
> well?  how to find out what address each addon uses to
> download updates?

I haven't tested the various plugins myself.  a sniffer should tell
you quickly if updates are performed insecurely, though you may need
trial and error to determine which one is making the requests if it
isn't obvious in the data.

this would be a good subject to document on the wiki if you pursue it :)

best regards,

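As an added example (not code from the original message or from Mozilla), the following Python script answers the question "how to find out what address each addon uses to download updates?" from the manifest side rather than from a sniffer: it reads the em:updateURL entries from each extension's install.rdf and flags any that use plain http. The four manifests embedded below are constructed samples with .invalid hostnames; in practice you would feed it the install.rdf files found under the profile's extensions directory (that location, and the treatment of add-ons with no updateURL as relying on the browser's own update service, are assumptions for this example).

```python
"""Audit Firefox extension install.rdf manifests for non-https update URLs.

Constructed example: the sample manifests below are not real add-ons.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespaces used in Firefox extension install.rdf manifests.
EM_NS = "http://www.mozilla.org/2004/em-rdf#"
RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"


def extract_update_urls(install_rdf_xml):
    """Return every em:updateURL value in an install.rdf document.

    Authors write updateURL either as a child element or as an attribute
    on rdf:Description, so both forms are collected.
    """
    root = ET.fromstring(install_rdf_xml)
    update_tag = "{%s}updateURL" % EM_NS
    urls = []
    for el in root.iter():
        attr = el.get(update_tag)
        if attr:
            urls.append(attr.strip())
        if el.tag == update_tag and el.text:
            urls.append(el.text.strip())
    return urls


def classify_update_url(url):
    """'secure' for https, 'insecure' for plaintext http, 'other' otherwise."""
    scheme = urlparse(url).scheme.lower()
    if scheme == "https":
        return "secure"
    if scheme == "http":
        return "insecure"
    return "other"


def audit_manifest(install_rdf_xml):
    """Audit one manifest; return (verdict, urls).

    A single plaintext update URL makes the add-on 'insecure', since an
    on-path attacker can answer that update check. An add-on with no
    updateURL is reported separately: it relies on the browser's default
    update service, which this script does not inspect (assumption).
    """
    urls = extract_update_urls(install_rdf_xml)
    if not urls:
        return ("no-updateURL", [])
    verdicts = {classify_update_url(u) for u in urls}
    if "insecure" in verdicts:
        return ("insecure", urls)
    if verdicts == {"secure"}:
        return ("secure", urls)
    return ("other", urls)


# Constructed sample manifests (hostnames under the reserved .invalid TLD).
SAMPLE_MANIFESTS = {
    "goodaddon@example.invalid": """<RDF xmlns="%s" xmlns:em="%s">
  <Description about="urn:mozilla:install-manifest">
    <em:id>goodaddon@example.invalid</em:id>
    <em:version>1.0</em:version>
    <em:updateURL>https://updates.example.invalid/good/update.rdf</em:updateURL>
  </Description>
</RDF>""" % (RDF_NS, EM_NS),
    "plainhttp@example.invalid": """<RDF xmlns="%s" xmlns:em="%s">
  <Description about="urn:mozilla:install-manifest">
    <em:id>plainhttp@example.invalid</em:id>
    <em:version>2.3</em:version>
    <em:updateURL>http://updates.example.invalid/plain/update.rdf</em:updateURL>
  </Description>
</RDF>""" % (RDF_NS, EM_NS),
    "attrform@example.invalid": """<RDF xmlns="%s" xmlns:em="%s">
  <Description about="urn:mozilla:install-manifest"
               em:updateURL="http://mirror.example.invalid/update.rdf">
    <em:id>attrform@example.invalid</em:id>
    <em:version>0.9</em:version>
  </Description>
</RDF>""" % (RDF_NS, EM_NS),
    "amodefault@example.invalid": """<RDF xmlns="%s" xmlns:em="%s">
  <Description about="urn:mozilla:install-manifest">
    <em:id>amodefault@example.invalid</em:id>
    <em:version>1.2</em:version>
  </Description>
</RDF>""" % (RDF_NS, EM_NS),
}


def audit_all(manifests=SAMPLE_MANIFESTS):
    """Audit every manifest; return {addon_id: verdict}."""
    return {addon_id: audit_manifest(xml)[0] for addon_id, xml in manifests.items()}


if __name__ == "__main__":
    for addon_id, verdict in audit_all().items():
        print("%-32s %s" % (addon_id, verdict))
```

The manifest check complements the sniffer approach from the message: a sniffer shows which update requests actually go out in plaintext, while the manifest tells you which add-on declared that address, which removes the trial and error of matching a captured request to an extension.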


More information about the tor-talk mailing list