{"id":24533,"date":"2016-04-10T19:47:08","date_gmt":"2016-04-11T02:47:08","guid":{"rendered":"http:\/\/lifeboat.com\/blog\/2016\/04\/researchers-attackers-could-use-holes-in-firefox-add-ons-to-target-your-pc"},"modified":"2017-06-04T20:02:48","modified_gmt":"2017-06-05T03:02:48","slug":"researchers-attackers-could-use-holes-in-firefox-add-ons-to-target-your-pc","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2016\/04\/researchers-attackers-could-use-holes-in-firefox-add-ons-to-target-your-pc","title":{"rendered":"Researchers: Attackers could use holes in Firefox add-ons to target your PC"},"content":{"rendered":"

<\/a><\/p>\n

It goes without saying that any given piece of computer code\u2014be it an app, a part of your operating system, or even a browser plug-in\u2014may contain flaws that could leave your PC open to attack. But a team of researchers from Northwestern University have come across a new method of attack that can take advantage of holes in one or more installed Firefox add-ons.<\/p>\n

According to the team\u2019s research paper (PDF<\/a>), this newly discovered attack \u201cleverages capability leaks from legitimate extensions to avoid the inclusion of security-sensitive API calls within the malicious extension itself.\u201d<\/p>\n

Put another way: Firefox doesn\u2019t enforce any isolation between the add-ons you install, as Ars Technica notes<\/a>, which could potentially result in security problems. As a result of this lack of isolation, researchers say, an attacker could write a malicious Firefox add-on that appears harmless, but can use security flaws in other installed add-ons to do its bidding.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

It goes without saying that any given piece of computer code\u2014be it an app, a part of your operating system, or even a browser plug-in\u2014may contain flaws that could leave your PC open to attack. But a team of researchers from Northwestern University have come across a new method of attack that can take advantage [\u2026]<\/p>\n","protected":false},"author":395,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1523,1492],"tags":[],"class_list":["post-24533","post","type-post","status-publish","format-standard","hentry","category-computing","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/24533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/395"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=24533"}],"version-history":[{"count":2,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/24533\/revisions"}],"predecessor-version":[{"id":67737,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/24533\/revisions\/67737"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=24533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=24533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=24533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}