Mozilla Firefox extensions have been found to be dangerous and capable of enabling hackers to access your personal information. Researcher Christopher Soghoian has found that the automatic updates from Firefox extentions can present a way for criminals to be ushered in to your computer.

Firefox Add-ons Leave Your Computer Vulnerable to Criminal Activity – mashable

あらやだ。

A vulnerability exists in the upgrade mechanism used by a number of high profile Firefox extensions. These include Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others, mainly commercial extensions.

A Remote Vulnerability in Firefox Extensions – slight paranoia via Techmeme

有名どころばっかしじゃん。

The vast majority of the open source/hobbyist made Firefox extensions – those that are hosted at https://addons.mozilla.org – are not vulnerable to this attack. Users of popular Firefox extensions such as NoScript, Greasemonkey, and AdBlock Plus have nothing to worry about.

A Remote Vulnerability in Firefox Extensions – slight paranoia via Techmeme

公式にあるやつとかGreasemonkeyは安全だと…。

In addition to notifying the Firefox Security Team, some of the most high-profile vulnerable software vendors (Google, Yahoo, and Facebook) were notified 45 days ago, although none have yet released a fix.

A Remote Vulnerability in Firefox Extensions – slight paranoia via Techmeme

45日も前に通報済みなのに、どこも反応していないらしい。こういう場合、どっちが正しいのか判断しづらいよなぁ。

広告