Home > Blogs > Use Firefox? Use Extensions? Stop Big Security Risks Now!

Use Firefox? Use Extensions? Stop Big Security Risks Now!

If you have even one of over 600 addons (extensions) for Firefox installed, you are vulnerable to JavaScript exploits that can expose your browser's configuration, what you've been doing online, and more.

Gerry Eisenhaur of hiredhacker.com has discovered that current (2.0.0.11) and older versions of Firefox are vulnerable to chrome URL handling directory transversal attacks if they have any one of over 600 extensions installed.

So, what's the big deal? Simply this: Firefox uses the Chrome folder store extensions, and Chrome URIs (also called URLs) call Chrome extensions. The attack enables hostile JavaScript files to display information stored in other files outside the Chrome folder, such as preferences or session information.

How Can You Make Your Browser Safer?

Until Firefox 2.0.0.12 is introduced, install Noscript to block scripts. It's a High Severity vulnerability, so don't wait around for a solution.

For more background, see my original post over at Maximum PC.

Comments

comments powered by Disqus

Become an InformIT Member

Take advantage of special member promotions, everyday discounts, quick access to saved content, and more! Join Today.