Solve : Firefox User? Be Aware Of Two More Malicious Add-Ons?

1.	Solve : Firefox User? Be Aware Of Two More Malicious Add-Ons?
Answer» Mozilla has released information in an add-on security VULNERABILITY announcement providing details of two serious Firefox add-on vulnerabilities, one stealing all of your personal information and the other allowing an attacker to remotely TAKE over your computer. Link Thanks for the heads up. I personally never download un-tested add-ons from Mozilla but I feel for the people who have.Quote from: Mulreay on July 14, 2010, 08:32:09 PM Thanks for the heads up. I personally never download un-tested add-ons from Mozilla but I feel for the people who have. The thing is, the second addon isn't in the EXPERIMENTAL stage. Those versions are quite old. Quote from: Helpmeh on July 14, 2010, 09:03:26 PM The thing is, the second addon isn't in the experimental stage. Those versions are quite old. A valid point. I guess nothing is 'guaranteed' safe these days.Quote from: Helpmeh on July 14, 2010, 09:03:26 PM The thing is, the second addon isn't in the experimental stage. Those versions are quite old. Neither one was experimental... and EITHER way, they were both listed on the addons pages. regardless- they have both been removed from said list and ADDED to the blocklist so that people with them installed will be prompted to remove them. It's not even a vulnerability in the addons, but the fact that the addons are purposely written to steal passwords and usernames whenever a form with a password field is submitted.Quote Mozilla Sniffer was not developed by Mozilla, and it was not reviewed by Mozilla. The add-on was in an experimental state, and all users that installed it should have seen a warning indicating it is unreviewed. Unreviewed add-ons are scanned for known viruses, trojans, and other malware, but some types of malicious behavior can only be detected in a code review. -from link in first postQuote from: BC_Programmer on July 14, 2010, 09:40:56 PM and either way, they were both listed on the addons pages. -From fifth post

Answer»

Mozilla has released information in an add-on security VULNERABILITY announcement providing details of two serious Firefox add-on vulnerabilities, one stealing all of your personal information and the other allowing an attacker to remotely TAKE over your computer.

Link
Thanks for the heads up. I personally never download un-tested add-ons from Mozilla but I feel for the people who have.Quote from: Mulreay on July 14, 2010, 08:32:09 PM

Thanks for the heads up. I personally never download un-tested add-ons from Mozilla but I feel for the people who have.

The thing is, the second addon isn't in the EXPERIMENTAL stage. Those versions are quite old. Quote from: Helpmeh on July 14, 2010, 09:03:26 PM

The thing is, the second addon isn't in the experimental stage. Those versions are quite old.

A valid point. I guess nothing is 'guaranteed' safe these days.Quote from: Helpmeh on July 14, 2010, 09:03:26 PM

The thing is, the second addon isn't in the experimental stage. Those versions are quite old.

Neither one was experimental... and EITHER way, they were both listed on the addons pages.

regardless- they have both been removed from said list and ADDED to the blocklist so that people with them installed will be prompted to remove them.

It's not even a vulnerability in the addons, but the fact that the addons are purposely written to steal passwords and usernames whenever a form with a password field is submitted.Quote

Mozilla Sniffer was not developed by Mozilla, and it was not reviewed by Mozilla. The add-on was in an experimental state, and all users that installed it should have seen a warning indicating it is unreviewed. Unreviewed add-ons are scanned for known viruses, trojans, and other malware, but some types of malicious behavior can only be detected in a code review.

-from link in first postQuote from: BC_Programmer on July 14, 2010, 09:40:56 PM

Solve : Firefox User? Be Aware Of Two More Malicious Add-Ons?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment