A security weakness in the update mechanism for third-party add-ons to the Firefox browser could give an attacker the ability to exploit unsecured downloads and install malicious code on the victim's computer, a security researcher warned on Wednesday. The vulnerability affects any third-party add-ons that use an unsecured …
Security a problem for all browsers
Although I use Firefox almost exclusively at home it is worth reminding people that although pretty secure, no bit of software accessing a public network is invulnerable. No matter how clever Firefox may be, it's ultimately down to the common sense of the user to avoid obvious hazards - hazards that aren't always obvious to Harry Homeowner. I;ve always thought the ease at which extensions can be installed, the fact that unsigned extensions can be accepted would inevitably be a source of trouble. By default Firefox should reject all unsigned extensions and those that don't use SSL. Perhaps it could be extensions could be run in a sandbox environment - at the minute releasing a maliciously designed extension would hardly be a work of genius.
can't write a secure browser LOLOLOL!!!1!!1!1 They should just use Firefox instead 'cos it's OSS and written by proper haxxors not M$ luser programmers and many eyes make all bugs shallow and...
I'll get me coat then.
You mean plug-ins like the one I use to block all the adverts and distractions from this site?
"Insecure" plugins - what next, paranoid add-ons?
As soon as I saw the headline, I had an image of all these video players and PDF viewers huddled in the corner, convinced that they were not any good and that the rest of the applications were laughing at them!
I think "un-secure" would be the correct terminology!
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- 14 antivirus apps found to have security problems
- Feature Scotland's BIG question: Will independence cost me my broadband?
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great