Mozilla Removes And Blocks 2 Firefox Add-ons

Remember three or four years ago, when Mozilla had such a small share of the browser market, that nobody was bothering to write malware for it?

Mozilla has rarely had to pull the plug on add-ons hosted at the official Firefox add-on repository. The developers of the popular Firefox web browser have some tools at their disposal to deal with add-ons that are either malicious in nature or insecure.

A recent blog post on the Mozilla Add-ons blog revealed that the developers had to deal with two add-ons falling in those two categories recently.

The first add-on, Mozilla Sniffer, contained code that intercepted login information and sent it to a remote server on the Internet.

The issue was discovered on July 12, six days after the add-on had been added to the Mozilla website as an experimental add-on. The add-on was disabled immediately after a manual code review and added to the global blocklist.

A total of 1800 installations had been recorded prior to detection. All users who installed the add-on receive an automatic uninstallation request, triggered by its addition to the blocklist.

Firefox users who have or had the Mozilla Sniffer add-on installed need to change their login information on all sites they have visited since installing the add-on, to prevent third parties from accessing those accounts.

All add-ons that developers upload to the Firefox add-on repository are scanned for malicious code. A manual review of the add-on follows at a later time. The virus scan did not detect the “phone home” function, so the add-on was listed as an experimental add-on on the public website.

It is obvious that this verification process is flawed. It might not happen often that malicious add-ons pass the initial scan, but it has happened in the past.

Back in February, two add-ons containing malicious code were discovered in the add-on repository. Mozilla then increased the number of malware scanners and the frequency of the scans.

A new security model has been proposed that changes the review process so that only code-reviewed add-ons are visible to Firefox users on the add-ons website.

Cool Previews was the second add-on the Mozilla developers had to deal with. A critical security vulnerability was discovered in version 3.0.1 of the add-on, which is installed by more than 170k users.

The vulnerability can be triggered with a specially crafted hyperlink. If the user hovers the cursor over such a link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer.

Version 3.0.1 and earlier of Cool Previews were disabled after the discovery. The developer of Cool Previews managed to update the add-on within a day of notification; the new version is already available on the Mozilla website and as an update.

Add-on updates are displayed automatically to Firefox users. Additional information is provided in the Mozilla blog post.

© Martin for gHacks Technology News, 2010.