Recent reports on the internet warn Mozilla Firefox users about addons that have exposed millions of users to malware attacks. The list includes NoScript, Firebug, and several other popular extensions for the browser. According to these reports, the addons open millions of users to a new type of malware attack that can stealthily execute malicious code and then steal sensitive data. The situation is more severe for Mac and Windows PC users, as hackers can take control of Windows and Mac OS X computers using these Firefox addons.
NoScript, Firebug, and other Firefox addons vulnerable
The reports come from researchers at Northeastern University. According to them, the flaw is tied to Firefox’s support for an older browser extension platform and to the Mozilla Foundation’s plug-in vetting process for its Firefox browser. The findings were presented at Black Hat Asia. One of the researchers, William Robertson, who is also an assistant professor at Northeastern University, mentioned in his report:
“Attackers could write an extension that looks innocuous to anyone reviewing the plug-in. But once added to the Firefox browser, the benign-looking extension could easily exploit a second Firefox extension to plant malware on the user’s computer.”
In their report, the researchers further mention that nearly 2,000 Firefox addons can be exploited by malware writers via “extension-reuse vulnerabilities”. Some of them are among the top 10 popular Firefox addons.
The addons were tested on the desktop version of the browser on the Windows and Mac OS X platforms. Both platforms were found to be vulnerable to malware attacks through the addons.
A hard-to-notice weakness in the way Firefox isolates addons allows an attacker-developed add-on to conceal its malicious behavior. Instead of acting directly, the malicious add-on exploits vulnerabilities in popular third-party addons, and those addons in turn allow the same nefarious actions to be carried out.