• Home
  • News
  • Popular Firefox add-ons may compromise your PC's security

Popular Firefox add-ons may compromise your PC's security

According to a study which was recently made public at the Black Hat conference, Mozilla's web browser may not be as safe as we all believe it to be. It seems that the security threat doesn't come from the browser itself, but from the interaction between specific add-ons which people add to Firefox. Unfortunately, since the extensions that are included in the list of threats are incredibly popular, this isn't something that we should take lightly.

Mozilla's Firefox is the default browser for millions of people from all over the world, so this piece of news affects a whole lot of Internet users. Out of the top 10 most popular add-ons included in the study, AdBlock Plus was the only one that the group of researchers from the Northeastern University deemed secure. The other nine names on the list: DownloadthemAll, Download YouTube Videos as MP4, FlashGot Mass Downloader, Flash Video Downloader, Firebug, GreasemonkeyNoScript Security Suite, Video DownloadHelper and Web of Trust can make your PC vulnerable to attacks.

As far as I understand from the research, the problems are generated by the fact that Mozilla doesn't protect the add-ons from interacting with each other. This means that an extension that has malicious coding can easily mask its behavior by invoking the capabilities of an other (legitimate) add-on. So, if you have one or more of the previously mentioned extensions installed on your Firefox, you should probably remove them until this blows over.

In an official statement given to the guys from Digital Trends, Firfox's Nick Nguyen acknowledged the problem and stated: "Because risks such as this one exist, we are evolving both our core product and our extensions platform to build in greater security. [...] The new set of browser extension APIs that make up WebExtensions, which are available in Firefox today, are inherently more secure than traditional add-ons, and are not vulnerable to the particular attack outlined in the presentation at Black Hat Asia. As part of our electrolysis initiative – our project to introduce multi-process architecture to Firefox later this year – we will start to sandbox Firefox extensions so that they cannot share code."

In case you prefer using Mozilla's web browser, you might also want to check out some of our previous stories such as: "Best add-ons to reduce Firefox's resource consumption", "The best privacy add-ons for Firefox" or "Easy keyboard navigation for Firefox".

Comments