Comments on: Extensions Increase Firefox’s Vulnerability http://cybernetnews.com/2007/05/30/extensions-increase-firefoxs-vulnerability/ Technology News Thu, 28 Aug 2008 18:17:08 +0000 http://wordpress.org/?v=2.6.1 By: Ryan http://cybernetnews.com/2007/05/30/extensions-increase-firefoxs-vulnerability/#comment-97185 Ryan Thu, 31 May 2007 20:48:23 +0000 http://tech.cybernetnews.com/2007/05/30/extensions-increase-firefoxs-vulnerability/#comment-97185 That's true, but most applications use a secure connection to the update servers to continue with the update. Some Firefox use the secure connections as well, but Firefox itself should be ensuring that only secure connections are being made when checking for updates from Mozilla's servers. And they should also require developer's of the extensions to create secure sites for the updates. Even though it is not directly Firefox's fault, it is something that they should be watching for to help protect their users. At least that's how I look at it. :D That’s true, but most applications use a secure connection to the update servers to continue with the update. Some Firefox use the secure connections as well, but Firefox itself should be ensuring that only secure connections are being made when checking for updates from Mozilla’s servers. And they should also require developer’s of the extensions to create secure sites for the updates.

Even though it is not directly Firefox’s fault, it is something that they should be watching for to help protect their users. At least that’s how I look at it. :D

]]> By: Techie Buzz http://cybernetnews.com/2007/05/30/extensions-increase-firefoxs-vulnerability/#comment-97081 Techie Buzz Thu, 31 May 2007 07:02:19 +0000 http://tech.cybernetnews.com/2007/05/30/extensions-increase-firefoxs-vulnerability/#comment-97081 The vulnerability is not at all related to Firefox but a user who has a malware that can allow them to take over the hosts files on the computer. It is well known that if your hosts file is comrpomised then any attacker can gain control over your system so it is not necessarily a firefox problem. In this way any user can hack any software that allows updates. And hosts in windows and as well as linux only can be edited by sudo users or admins so allow easy access to hosts files is a foolishness first of all. Keith The vulnerability is not at all related to Firefox but a user who has a malware that can allow them to take over the hosts files on the computer.

It is well known that if your hosts file is comrpomised then any attacker can gain control over your system so it is not necessarily a firefox problem.

In this way any user can hack any software that allows updates. And hosts in windows and as well as linux only can be edited by sudo users or admins so allow easy access to hosts files is a foolishness first of all.

Keith

]]> By: Firefox Extensions Auto-Update Vulnerability » Hello..and you are? http://cybernetnews.com/2007/05/30/extensions-increase-firefoxs-vulnerability/#comment-97024 Firefox Extensions Auto-Update Vulnerability » Hello..and you are? Wed, 30 May 2007 22:05:27 +0000 http://tech.cybernetnews.com/2007/05/30/extensions-increase-firefoxs-vulnerability/#comment-97024 [...] News has the description for how someone can attack your Firefox browser using auto-updating extensions as the attack vector: A new Firefox vulnerability has been discovered, and this time it is quite a doozy. It affects [...] [...] News has the description for how someone can attack your Firefox browser using auto-updating extensions as the attack vector: A new Firefox vulnerability has been discovered, and this time it is quite a doozy. It affects [...]

]]>