Firefox Vulnerability Exposes Extension Variables

General Topics
1

Another vulnerability has been found in Firefox, and this one makes it possible for a hacker to retrieve the settings and variables used in extensions. The person who discovered the flaw was able to steal a dynamically generated password created by the Fire Encrypter extension.
So how serious is this? Read for yourself:
It basically means that everyone can probe all Javascript files inside the chrome:// context and log all this information on the server through a simple Ajax instance. Furthermore it is only possible to call unregistered functions, like those that are set inside extensions by developers. This could lead to denial of service on function calls, privacy breach, information disclosure, and maybe more unseen or unknown attacks. [emphasis placed by me]
There is some concern that this could be used to get information such as whitelisted sites on Adblock, or even user details from Gmail Checker. This vulnerability hasn’t thoroughly been tested to see what’s possible and what’s not, but if some information could successfully be retrieved I’m sure other hackers could find ways to exploit this even further.
The person who discovered the vulnerability recommends that you install the NoScript extension, or use Opera because “this could lead to further more clever attacks.” Staying safe online continues to get harder and harder
http://www.theregister.co.uk/2007/08/13/firefox_remote_leakage/
i’m sorry polonus-i just realized this is a double post ??? ::slight_smile: http://forum.avast.com/index.php?topic=29899.0
moderator could you remove if possible :slight_smile:

2

Ahum, as from FF 2 and up, FF has many bugs (and I really mean many) bugs and other problems. FF is currently really a piece of shit and should not be used at all. Unless you want to get problems

3

Which browser do you use?

4

I bet he’s on Opera …

I admit i also have been thinking for awhile now to go with Opera as my main browser but i think i’ve gotten too used to that “piece of shit” Firefox as eddy describes it … ::slight_smile:

5

I have no problems with that so called piece of sh*t either, like all things concerning the internet you have to take steps to protect yourself and NoScript is a huge step in that direction. Also running all applications that connect to the internet with restricted privileges is another.

6

Firefox is more flexible (with extensions and add-ons) than Opera.
I think Opera is safer (and faster) than Firefox.
But calling FF a piece of … is a little hard imho.