DaemonForums  

  #1   (View Single Post)  
Old 6th February 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Mozilla overlooked malware-laced Firefox add-ons

Because we are called upon regularly to fix problems with Windows:

from http://www.theregister.co.uk/2010/02...ox_extensions/

Quote:
Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.
These days the only things you can count on, are your fingers
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
  #2   (View Single Post)  
Old 11th February 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128

From a follow-up at http://www.h-online.com/security/new...rm-927460.html

Quote:
Mozilla has admitted that one of the two experimental add-ons for the Firefox browser it said contained malware was in fact a false positive.

Version 4.0 of the Sothink Video Downloader, which Mozilla previously said included the Win32/Ldpinch.gen:Win32/Ldpinch.gen password sniffing malware, after further investigation, has been found to be free of malware.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
  #3   (View Single Post)  
Old 18th February 2010
drhowarddrfine drhowarddrfine is offline
VPN Cryptographer
 
Join Date: May 2008
Posts: 377

Couple things to note: 1) add-ons are not created by Mozilla but are scanned by their custom virus scanner when they are issued to Mozilla and 2) it's like Microsoft having to protect Windows from every software package by any 3rd party that puts one out.
  #4   (View Single Post)  
Old 18th February 2010
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243

In short, the Firefox model is "We provide a base browser, 3rd party extensions provide 'extra' features".

That was back in the Firebird/Firefox 0.x/1.x days; since then the Firefox team has added some non-base features, but the program still relies heavily on 3rd party extensions.

This is different from IE or Opera; while it is possible to run extensions, it's not as common or 'necessary'.

From personal experience, I know the 'Firefox model' doesn't exactly help with the speed, stability, and overall security of the browser.
This is about malicious intent (malware), but I would bet there are more than a few extensions with (unintentional) security flaws in them ...
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Content copyright © 2007-2010, the authors