Firefox addons are opening millions of users to malware attacks

Recent reports on internet are warning users of Mozilla Firefox about the addons that have exposed millions of users to malware attacks. Some of the popular Firefox addons on this list are NoScript, Firebug, and several other popular extensions of this browser. According to these reports, these Firefox addons are opening millions of users to a new type of malware attack. This attack can sneakily execute the malicious code and then steal sensitive data. This is a more severe situation for the Mac and Windows PC users, as the hackers can take control of Windows computers and Mac OS X using these Firefox addons.

firefox addons vulnerable

NoScript, Firebug, etc, Firefox addons vulnerable

The reports were generated by the researchers from Northeastern University. According to them, the flaw is tied to Firefox’s support for an older browser extension platform and the Mozilla Foundation’s plug-in vetting process for its Firefox browser. These findings were presented at the Black Hat Asia. One of the researchers, William Robertson, who is also an assistant professor at Northeastern University mentioned in his report,

“Attackers could write an extension that looks innocuous to anyone reviewing the plug-in. But once added to the Firefox browser, the benign looking extension could easily exploit a second Firefox extension to plant malware on the user’s computer,”

In their report, the researchers further mention that nearly 2,000 Firefox addons can be exploited by the malware writers via “extension-reuse vulnerabilities”. Some of these addons are from the top 10 popular Firefox addons.

These Firefox addons were tested for the desktop version of the browser on Windows and Mac OS X platforms. Both of these platforms were found to be vulnerable to the malware attacks due to the addons.

The unnoticeable weakness in Firefox browser to isolate the addons has ultimately allowed the attacker-developed add-on to conceal its malicious behavior. The malicious program exploits the vulnerabilities in popular third-party addons. These addons further allow the same nefarious actions to be carried out.

Download this VPN to secure all your Windows devices and browse anonymously
Posted by with Tags
Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.


  1. Steve from Customer Service

    Nice article… you just have to be smart about the extensions; keep your browser version current and minimize the use of extensions. I do not save my passwords in Firefox, I always clear the cache & cookies on exit, and only use the Ad-block Plus extension. That’s the best way I know how to keep exposure to a minimum, my friend.

  2. Firefox Forever!

    And Windows has been exposing users to viruses, malware, spyware, and other malicious software since the old DOS days in the 1980s. Remember IE5 and 6? Two of the worst browser releases in the history of mankind. And you know what? Microsoft Edge is no better…

Leave a Reply

Your email address will not be published. Required fields are marked *

8 + 3 =