Apr 10, 2016
Researchers: Attackers could use holes in Firefox add-ons to target your PC
Posted by Karen Hurst in categories: computing, security
It goes without saying that any given piece of computer code—be it an app, a part of your operating system, or even a browser plug-in—may contain flaws that could leave your PC open to attack. But a team of researchers from Northwestern University has come across a new method of attack that can take advantage of holes in one or more installed Firefox add-ons.
According to the team’s research paper (PDF), this newly discovered attack “leverages capability leaks from legitimate extensions to avoid the inclusion of security-sensitive API calls within the malicious extension itself.”
Put another way: Firefox doesn’t enforce any isolation between the add-ons you install, as Ars Technica notes, which could result in security problems. Because of this lack of isolation, researchers say, an attacker could write a malicious Firefox add-on that appears harmless but can use security flaws in other installed add-ons to do its bidding.