|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alexandru Burciu (alexbu
gmail.com)
Date: Sat Jul 26 2008 - 14:25:11 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Andrei,
Here's just a quick example of such threat:
FFsniFF (FireFox sniFFer) is a simple Firefox extension, which
transforms your browser into the html form sniffer. Every time the user
click on 'Submit' button, FFsniFF will try to find a non-blank password
field in the form. If it's found, entire form (also with URL) is sent to
the specified e-mail address. It also has the ability to hide itself in
the 'Extensions manager'. This extension is meant to be as an example of
the 'evil side of Firefox extensions'.
http://azurit.elbiahosting.sk/ffsniff/
On Mon, Jul 14, 2008 at 1:55 PM, Andrei Hanganu <handreigmail.com> wrote:
> I have recently started work on a xpcom component for Firefox,
> astonished i was by the fact that in an XPI archive file one can
> include binary libraries (dll/so files) that get auto loaded in
> firefox via a precise function prototype. The problem is that the code
> in that component is allowed to do anything the user that runs firefox
> has credentials to do.
> Wham i am curious is if there have ever been reported malicious
> mozilla extensions, and if besides the signing of the addon is there
> any other way to protect from such addons.
>
> Andrei
>
--
Alexandru.Burciu
http://www.linkedin.com/in/alexbu
- application/pgp-signature attachment: OpenPGP digital signature
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]