Risky Firefox Extensions
A ZDNet report lists high-profile Firefox extensions that are vulnerable to attacks. Firefox may have just recently patched its vulnerabilities with the release of version 2.0.0.4, but third-party extensions remain at risk. Below is a list of risky Firefox extensions:
- Google Toolbar
- Google Browser Sync
- Yahoo Toolbar
- Del.icio.us Extension
- Facebook Toolbar
- AOL Toolbar
- Ask.com Toolbar
- LinkedIn Browser Toolbar
- Netcraft Anti-Phishing Toolbar
- PhishTank SiteChecker
Here are a few Q&As from the source article. For full details, visit the advisory blog post entitled "A Remote Vulnerability in Firefox Extensions".
Q: How many people are at risk?
A: Millions. Exact numbers for each toolbar/extension are not released by the vendors.
Q: When am I at risk?
A: When you use a public wireless network, an untrusted Internet connection, or a wireless home router with the default password set.
Q: What can happen to me?
A: An attacker can covertly install malicious software that will run within your web browser. Such software could spy on you, hijack e-banking sessions, steal emails, send email spam and a number of other nasty tasks.
An update to the ZDNet article cited a comment from del.icio.us' product manager saying that its extension has not been vulnerable to this attack since the version 1.5.29 update last April.
