An analyst Axelle Apvrille from the Fortinet Blog has uncovered the security threats and loopholes in the underlying technology base for Firefox OS. She has developed an application for Firefox called CrackMe and has explored the malware threats and possibilities in the Firefox OS during the development. She says it is very easy in the Firefox OS to introduce malware and phishing.
Firefox OS will also support hosted web applications which can do more harm than good. This enables malware authors to employ the phishing which uses a minor and a confusing modification in a web page to redirect the victim to the malicious website instead of the real one. For instance, if a genuine application is hosted at hxxp://facebook.firefox.os.application.com, the malware authors will host it at hxxp://facebook.firefox.os.applications.com with only an extra ‘s’ after application in the URL to differentiate between the real and malicious application. This increases the probability of victims hitting the malicious application every now and then.
She concludes that it is disappointing to know that Firefox OS has the worst from the point of view of privacy and security. Mozilla has always laid emphasis on security and privacy, but it seems that in case of Firefox OS, it has preferred to keep it open source by compromising its security.
We will leave the judgment until the Firefox OS becomes mainstream.