Sign in / up

back to article Insecure plug-ins pose danger to Firefox users

A security weakness in the update mechanism for third-party add-ons to the Firefox browser could give an attacker the ability to exploit unsecured downloads and install malicious code on the victim's computer, a security researcher warned on Wednesday. The vulnerability affects any third-party add-ons that use an unsecured …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Security a problem for all browsers

    Although I use Firefox almost exclusively at home it is worth reminding people that although pretty secure, no bit of software accessing a public network is invulnerable. No matter how clever Firefox may be, it's ultimately down to the common sense of the user to avoid obvious hazards - hazards that aren't always obvious to Harry Homeowner. I;ve always thought the ease at which extensions can be installed, the fact that unsigned extensions can be accepted would inevitably be a source of trouble. By default Firefox should reject all unsigned extensions and those that don't use SSL. Perhaps it could be extensions could be run in a sandbox environment - at the minute releasing a maliciously designed extension would hardly be a work of genius.

    0 0
  2. Anonymous Coward
    Anonymous Coward

    Stup1d M1cro$oft

    can't write a secure browser LOLOLOL!!!1!!1!1 They should just use Firefox instead 'cos it's OSS and written by proper haxxors not M$ luser programmers and many eyes make all bugs shallow and...

    oh...

    I'll get me coat then.

    0 0
  3. Robin

    Plug-ins

    You mean plug-ins like the one I use to block all the adverts and distractions from this site?

    0 0
  4. Anonymous Coward
    Anonymous Coward

    "Insecure" plugins - what next, paranoid add-ons?

    As soon as I saw the headline, I had an image of all these video players and PDF viewers huddled in the corner, convinced that they were not any good and that the rest of the applications were laughing at them!

    I think "un-secure" would be the correct terminology!

    0 0
This topic is closed for new posts.