Gizmos Freeware Reviews  

Go Back   Gizmo's Freeware Forum > Debating Chamber > Internet, Web Apps and Networking

Reply
 
Thread Tools Display Modes
Old 15. Jul 2010, 04:37 AM   #1 (permalink)
Senior Member
 
Join Date: Mar 2010
Posts: 395
Default Hazardous add-ons

Here are some quotes from this blog with reference to Mozilla Sniffer:
Quote:
Mozilla Sniffer has been downloaded approximately 1,800 times since its submission and currently reports 334 active daily users. All current users should receive an uninstall notification within a day or so. The site this add-on sends data to seems to be down at the moment, so it is unknown if data is still being collected.

Mozilla Sniffer was not developed by Mozilla, and it was not reviewed by Mozilla. The add-on was in an experimental state, and all users that installed it should have seen a warning indicating it is unreviewed. Unreviewed add-ons are scanned for known viruses, trojans, and other malware, but some types of malicious behavior can only be detected in a code review.
Quote:
Having unreviewed add-ons exposed to the public, even with low visibility, has been previously identified as an attack vector for hackers. For this reason, we’re already working on implementing a new security model for addons.mozilla.org that will require all add-ons to be code-reviewed before they are discoverable in the site.
And this is with reference to CoolPreviews:
Quote:
The vulnerability can be triggered using a specially crafted hyperlink. If the user hovers the cursor over this link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer.
So here it seems that merely hovering over the link triggers action but ...
Quote:
If a user has a vulnerable version installed and clicks on a malicious link that targets the add-on, the code in the malicious link will run with local privileges, potentially gaining access to the file system and allowing code download and execution.
Here they talk about clicking being needed.
vasa1 is offline   Reply With Quote
Old 15. Jul 2010, 09:59 AM   #2 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,186
Default

Thanks for posting this. I'm sure a lot of new PC users especially feel a bit like kids let loose in a candy shop when they see the array of addons available for their chosen browser. As with all things, I would always advise folks to consider if they really need these items and to scan the user forums for relevant issues first.
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is offline   Reply With Quote
Old 15. Jul 2010, 10:42 AM   #3 (permalink)
Senior Member
 
Join Date: Mar 2010
Posts: 395
Default

MC, thank you for the thanks but can you shed some light on the second add-on?

I always thought the business of getting infected by hovering over a link was science fiction but the blog seems to indicate otherwise.
vasa1 is offline   Reply With Quote
Old 15. Jul 2010, 02:39 PM   #4 (permalink)
Senior Member
 
Join Date: Nov 2009
Posts: 445
Default

Hi,
Quote:
Originally Posted by MidnightCowboy View Post
...As with all things, I would always advise folks to consider if they really need these items and to scan the user forums for relevant issues first.
A rule I follow with ... religious devotion.

If you read down to the comments, there's one by Andreas Grech giving info about a post on his blog on intercepting login details with a Google Chrome extension:
http://blog.dreasgrech.com/2010/07/s...th-google.html
I suppose this affect SR Iron as well?
__________________
26Dolphins
26Dolphins is offline   Reply With Quote
Old 15. Jul 2010, 05:49 PM   #5 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,186
Default

Quote:
Originally Posted by vasa1 View Post
MC, thank you for the thanks but can you shed some light on the second add-on?

I always thought the business of getting infected by hovering over a link was science fiction but the blog seems to indicate otherwise.
The short answer to this is no I can't. I did promise myself at one point that I would try to educate myself more fully on this topic which is when I discovered this.

http://code.google.com/p/browsersec/wiki/Part2

About half way down I gave up
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is offline   Reply With Quote
Old 15. Jul 2010, 05:54 PM   #6 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,186
Default

Quote:
Originally Posted by 26Dolphins View Post
I suppose this affect SR Iron as well?
According to this extract, yes.

"Some have also commented as regards me demonstrating this on Google Chrome. Yes, other browsers can also be susceptible to this technique but I chose to try this on Google Chrome because it has apparently been dubbed as 'the safest browser available', and I'm not denying that. I wanted to make users aware that although Google Chrome is, undoubtedly, a safe browser to use, they should still be careful about what they install on their browsers and not blindly trust anything"
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is offline   Reply With Quote
Old 15. Jul 2010, 06:36 PM   #7 (permalink)
Senior Member
 
Join Date: Nov 2009
Posts: 445
Default

Oops, didn't read the post to the end, so missed that part.
Thanks MC.
__________________
26Dolphins
26Dolphins is offline   Reply With Quote
Old 17. Jul 2010, 02:22 AM   #8 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,714
Default

Thanks Vasa1 for posting this. Its good to be aware and realize that malware
also can get thru our security setup if we add the wrong addons. Even if we
use Sandboxie, installing the wrong addon can get a keylogger installed on the
browser, ready to steal our money or identity and with full rights to read and
send information out of the PC to the bad guys.

Bo
bo.elam is offline   Reply With Quote
Old 17. Jul 2010, 08:50 AM   #9 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,275
Default

Mozilla has blocked and disabled both the malicious add-ons.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 17. Jul 2010, 09:47 AM   #10 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,186
Default

Quote:
Originally Posted by Anupam View Post
Mozilla has blocked and disabled both the malicious add-ons.
Thanks for the update
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT +1. The time now is 11:34 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.