Remote Vulnerability in Firefox Extensions
coderman
coderman at gmail.com
Wed May 30 07:00:40 UTC 2007
it would be trivial for a rogue exit to use this technique. public
wifi users should also take note.
check your firefox extensions!
http://paranoia.dubfire.net/2007/05/remote-vulnerability-in-firefox.html
"""
A vulnerability exists in the upgrade mechanism used by a number of
high profile Firefox extensions. These include Google Toolbar, Google
Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar,
AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft
Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others,
mainly commercial extensions...
Users are vulnerable and are at risk of an attacker silently
installing malicious software on their computers. This possibility
exists whenever the user cannot trust their domain name server (DNS)
or network connection. Examples of this include public wireless
networks, and users connected to compromised home routers.
"""
best regards,
More information about the tor-talk
mailing list