Windows Mac ForMac Answers Forum

Popular Firefox add-ons may compromise your PC's security

Bogdan Preda
  • Bogdan Preda,
  • 8 years ago
  • Editor Informer Technologies, Inc.

Popular Firefox add-ons may compromise your PC's security Popular Firefox add-ons may compromise your PC's security

According to a study which was recently made public at the Black Hat conference, Mozilla's web browser may not be as safe as we all believe it to be. It seems that the security threat doesn't come from the browser itself, but from the interaction between specific add-ons which people add to Firefox. Unfortunately, since the extensions that are included in the list of threats are incredibly popular, this isn't something that we should take lightly.

Mozilla's Firefox is the default browser for millions of people from all over the world, so this piece of news affects a whole lot of Internet users. Out of the top 10 most popular add-ons included in the study, AdBlock Plus was the only one that the group of researchers from the Northeastern University deemed secure. The other nine names on the list: DownloadthemAll, Download YouTube Videos as MP4, FlashGot Mass Downloader, Flash Video Downloader, Firebug, GreasemonkeyNoScript Security Suite, Video DownloadHelper and Web of Trust can make your PC vulnerable to attacks.

As far as I understand from the research, the problems are generated by the fact that Mozilla doesn't protect the add-ons from interacting with each other. This means that an extension that has malicious coding can easily mask its behavior by invoking the capabilities of an other (legitimate) add-on. So, if you have one or more of the previously mentioned extensions installed on your Firefox, you should probably remove them until this blows over.

In an official statement given to the guys from Digital Trends, Firfox's Nick Nguyen acknowledged the problem and stated: "Because risks such as this one exist, we are evolving both our core product and our extensions platform to build in greater security. [...] The new set of browser extension APIs that make up WebExtensions, which are available in Firefox today, are inherently more secure than traditional add-ons, and are not vulnerable to the particular attack outlined in the presentation at Black Hat Asia. As part of our electrolysis initiative – our project to introduce multi-process architecture to Firefox later this year – we will start to sandbox Firefox extensions so that they cannot share code."

In case you prefer using Mozilla's web browser, you might also want to check out some of our previous stories such as: "Best add-ons to reduce Firefox's resource consumption", "The best privacy add-ons for Firefox" or "Easy keyboard navigation for Firefox".

Referenced applications

Firefox
FREE

Mac

rating

Quickly browse the web without slowing down your Mac.

Firefox
FREE

Windows

rating

Surf the Internet securely on an open-source web browser.

Firefox Browser: fast, private & safe web browser
FREE

Android

rating

Author's other posts

Huawei unveils the Mate 20, Mate 20 Pro and Mate 20 X
News
Huawei unveils the Mate 20, Mate 20 Pro and Mate 20 X
The Huawei Mate 20, Mate 20 Pro and Mate 20 X are now available to purchase in Europe and the innovative features that they bring are actually pretty cool.
Best remote desktop tools for Windows
Article
Best remote desktop tools for Windows
Looking for a reliable application to help you remotely access other computers and transfer files? Here are some of the best solutions:
Winamp is returning in 2019
News
Winamp is returning in 2019
Winamp is taking a stab at the mobile market in 2019. The new version of the app will work on iPhones as well as on Android smartphones.
Essential apps for your MacBook
Article
Essential apps for your MacBook
A list containing some must-have applications for those who just bought a new MacBook or have recently reinstalled the operating system.