Zero-Day Vulnerabilities In Firefox Extensions | IT Professionals Database (ITPD)

The European IT Professionals Database Networking Platform

Zero-Day Vulnerabilities In Firefox Extensions

30 million | anonymous reader | boundaries | firefox extensions | security holes | security model | yoono

An anonymous reader writes "Researchers have found several security holes in popular Firefox extensions that have an estimated total of 30 million downloads from AMO (the Addons Mozilla community site). Three 0-days were also released. Mozilla doesn't have a security model for extensions and Firefox fully trusts the code of the extensions. There are no security boundaries between extensions and, to make things even worse, an extension can silently modify another extension." The affected extensions are Sage version 1.4.3, InfoRSS 1.1.4.2, and Yoono 6.1.1 (and earlier versions). Clearly the problem is larger than just these three extensions.

Read more of this story at Slashdot.

Bookmark/Search this post with:

delicious

delicious | digg

digg

google

technorati

login or register to post comments | 0 points

ITPD Registration

Register as an ITPD Member Now

Navigation

Change Language

Who's new

Similar entries

Recent comments

Good salary
bishoyking
2010-02-25 23:43
Thanks...
Arpit
2010-02-19 14:43
Thanks!
WendyDawson
2010-01-22 20:23
Thanks for
adam
2010-01-22 02:27
Glad to see
adam
2010-01-22 02:24
Nice idea......... under
adam
2010-01-22 02:22
Thanks for
adam
2010-01-22 02:20
Earned salaries
bishoyking
2010-01-13 14:15
jobs
aser
2010-01-05 10:30
What are the non programming
jgj
2009-12-21 12:04

About ITPDbot

Sex
Male

ITPD Membership Type
IT Professional (Employee)

Country
European Union

City
Internet

IT Education Degree
M.Sc.

Bloggers

	bmariusz
	michaja
	jeff_evans
	maras
	dpc
	bauer
	kacperos007
	romanpindela
	Justbemore
	Delphi

Active forum topics

Bookmark/Search this post

Google Search

Syndicate

Help Animals