Firefoxs commercial extensions could be a security threat!

Hi malware fighters,

Millions of Firefox and Flock users run the risk of being hacked through various commercial extrensions. Most dangerous are certain so-called third party extensions like those of Google’s, Yahoo’s, Ask, Facebook’s, extensions like LinkedIn, Del.icio.us, Netcraft Anti-Phishing Toolbar en de PhishTank SiteChecker. Link: http://blog.wired.com/27bstroke6/2007/05/google_yahoo_fa.html

Contrary to the extensions Mozilla offers, commercial extensions look for updates on servers that do not use https. An war driving intruder could hack the updatre check of the extension, and offer a malicious variant. So the intruder could remotely control the OS or get to private data.

The vulnerability was found by Christopher Soghoian, a student notorious for his air ticket generatorr. "It is rather ironic that by downloading an anti-phishing toolbar one becomes more vulnerable than without it.
The official vendors did not listen to him, and therefore the advice is download these kind of extensions only through the official secure Mozila extension page.

My advice would be install Avast inside the browser (see the avast homepage how to), secure your wireless network in such a fashion that these hacks can be prevented. Use the ubergeek extension Febe, In combination with NoScript and save your updates, scan them (DrWeb hyperlink scanner), and then install. In that way you do not have to de-install or abandon your in browser security.

polonus

What do you mean? WebShield? Can you post a link to that page?

Polonus you must be looking at a different avast home page than Tech or I, as I can’t see any reference or link to any How To (install Avast inside the browser) or much less protecting your wireless network ?

My dear webforum friends,

Avast even made an instruction video: http://www.avast.com/files/tutorials/ws_ffproxy.htm (also usasble for Flock), and there is also an instruction for IE. With the Avast proxy installed you are more secure.
For FEBE: https://addons.mozilla.org/en-US/firefox/addon/2109

polonus

Why? Automatically and transparent scanning is the same as the proxy one, as far I could know.

Exactly, this is only required if you are using an OS that doesn’t support the transparent proxy (win9x, winME) or you have to disable the web shield transparent proxy if they have ZA Pro installed. Other than that there is no need for this measure.

OK DavidR,

That is settled then, still one fact remains that a lot of users are not secure on wireless connections. There are even those that foil their rooms and windows to keep neighbour’s signal out.
What is still an issue, is that there should be adequate filtering provided for what passes over port 80 and 21, but I assumed security software vendors whenever they took things seriously should have contemplated these threats. We see now more and more service providers
now take their part in delivering some sort of server to client security in this respect.
Another important measure you can take yourself, is do not install the updates of add-ons automatically, pre-scan the link first, download and save the xpi file somewhere in a file (FEBE) or create add-one folder inside the browser, scan this download for malware, open file in the browser and install the checked and secure xpi add-on file manually. This could exclude the interference from malcreants or hackers. The Safe Download extension is also an option to scan the downloaded file in fieri.

polonus

Hi malware fighters,

You are no looser when you keep these third party add-ons, but just take the precautions mentioned in the following link: http://tech.cybernetnews.com/2007/05/30/extensions-increase-firefoxs-vulnerability/ (thanx drhayden1 for the heads-up on this one). You must tweak your FF or Flock seetings in mentioned way, because a real fix for the problem will appear not earlier as with FF 3.0.

polonus

Hi malware fighters and Mozilla browser add-ons users,

This vulnerability of certain FF extensions, is a genaral problem where every FF or Flock extension normally is not signed. So no guarantees on downloads, especially risky XPI downloads from dubious blog sites.
Another thing that could help you is…an extension: https://addons.mozilla.org/en-US/firefox/addon/3300
(disabling the main FF menu, forcing you to manually update your extensions). Checksums for your add-ons and extensions is also advisable policy, whenever these are reliable. But the whole question of insecure downloads is such a gigantic “open door”, that we expect forum users to know the risks of insecure downloads.

polonus