Makers of some of the most popular extensions, or “add-ons,” for Mozilla’s Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users. By design, each Firefox extension — any of a number of free software applications that can be added to the popular open-source browser — is hard-coded with a unique Internet address that will contact the creator’s update server each time Firefox starts. This feature lets the Firefox browser determine whether a new version of the add-on is available. Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://). As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore [...]
Search
Recent Posts
- Booby-trapped emails fly back into fashion
- Firefox plug-in Trojan harvests logins
- Hackers Hijacked Large E-Bill Payment Site
- Court Rules Against Teacher in MySpace ‘Drunken Pirate’ Case
- SonicWALL licensing snafu short-circuits protection
- Apple anti-virus advice was nothing new
- Apple tells Mac users: Get anti-virus
Categories
Monthly Archives
- December 2008 (9)
- November 2008 (61)
- October 2008 (54)
- September 2008 (40)
- August 2008 (66)
- July 2008 (60)
- June 2008 (51)
- May 2008 (57)
- April 2008 (82)
- March 2008 (60)
- February 2008 (46)
- January 2008 (41)
- December 2007 (20)
- November 2007 (37)
- October 2007 (36)
- September 2007 (27)
- August 2007 (39)
- July 2007 (34)
- June 2007 (77)
- May 2007 (142)
- April 2007 (722)
- March 2007 (2124)
- February 2007 (612)