Zero-Day Vulnerabilities In Firefox Extensions 208
An anonymous reader writes "Researchers have found several security holes in popular Firefox extensions that have an estimated total of 30 million downloads from AMO (the Addons Mozilla community site). Three 0-days were also released. Mozilla doesn't have a security model for extensions and Firefox fully trusts the code of the extensions. There are no security boundaries between extensions and, to make things even worse, an extension can silently modify another extension." The affected extensions are Sage version 1.4.3, InfoRSS 1.1.4.2, and Yoono 6.1.1 (and earlier versions). Clearly the problem is larger than just these three extensions.
Damned Activex Controls! (Score:3, Funny)
This is why Microsoft should turn off Activex Controls altogether.........oh wait........
Re:Browser vulnerabilities (Score:1, Funny)
Okay, Jack [wikipedia.org]. Let us know how you make out.
Re:Browser vulnerabilities (Score:3, Funny)
I thought you were trolling, and then I read this:
I'll be switching my law firm back to IE and looking into a lawsuit against all FF contributors for their grossly negligent behavior.
Poe’s Law [rationalwiki.com] appears to be in full effect today.
Re:I have to say, I am depressed... (Score:3, Funny)
If you're that paranoid — use a virtual machine to browse the web and rollback to a trusted, clean snapshot a few times a day.
Yeah, but how do I know that the snapshot is clean? Or for that matter how do I know that my virtual machine hasn't been compromised?
They could have put a chip in my brain that makes my think that I'm browsing securely but in fact I'm not!
And who are you to be posting these things to make us feel like we can be secure? The sig of yours is French, no? But your user name looks Arabic. You could be a French secret agent with an Arabic code name - or, an Islamic Jihadist, hiding in France acting like a friendly internet user "helping" folks to "secure" their browsing habits all along undermining their computers so you and your agents can break in, compromise their machines, do your nefarious activities, and all the while, the poor sap who follows your advice gets arrested by the FBI while you take off with the hot secret agent babes from Russia.
No sir! I know what you're doing here!
Re:I have to say, I am depressed... (Score:3, Funny)
You can’t possibly be serious...
Re:Yep that's why I avoid extensions (Score:1, Funny)
Re:I have to say, I am depressed... (Score:2, Funny)
They could have put a chip in my brain that makes my think that I'm browsing securely but in fact I'm not!
So, you have hardwired your brain into your computer and are using it as a Firefox extension? This makes my head spin.