Menu

Blog

Apr 10, 2016

Researchers: Attackers could use holes in Firefox add-ons to target your PC

Posted by in categories: computing, security

It goes without saying that any given piece of computer code—be it an app, a part of your operating system, or even a browser plug-in—may contain flaws that could leave your PC open to attack. But a team of researchers from Northwestern University have come across a new method of attack that can take advantage of holes in one or more installed Firefox add-ons.

According to the team’s research paper (PDF), this newly discovered attack “leverages capability leaks from legitimate extensions to avoid the inclusion of security-sensitive API calls within the malicious extension itself.”

Put another way: Firefox doesn’t enforce any isolation between the add-ons you install, as Ars Technica notes, which could potentially result in security problems. As a result of this lack of isolation, researchers say, an attacker could write a malicious Firefox add-on that appears harmless, but can use security flaws in other installed add-ons to do its bidding.

Read more

Comments are closed.