FireFox addon vulnerability is the new scare to watch out for
Secure web browsing is the dream for all the individuals who use the internet, at least for the ones who are smart. However, the introduction of unique data and privacy hacking strategies in the past couple of years has been taking this dream far away from reality. Add-ons have always been a godsend for people who browse the web on a regular basis. Today, there are different types of add-ons on the web that enables you to customize, organize and accomplish most of your online tasks in a jiffy. Ironically, recently, malicious actors have found a way to manipulate these add-ons to dig deep into your private data and to cause havoc.
Lately, a group of cyber security professionals from Northeastern University unveiled a possibility of hackers targeting Firefox browser extensions to execute malicious code to steal user centric data. From the security perspective, the paucity of isolation between the pertinent extensions has been utilized by the hackers to accomplish their goals. As per the reports, 90% of the Firefox are vulnerable to such hacks.
How these hacks are carried out?
According to the Firefox add-on architecture, JavaScript scripted extensions can communicate with pertinent components in the system via JavaScript namespace. The legitimate extensions uses this strategy to execute its functions, however, the shared JavaScript namespace strategy is tagged with some vulnerabilities. One of among this is known as “extension reuse vulnerability”, this vulnerability is used by the hackers to go around the security screening process hosted by Mozilla. If the add-ons raises a direct call to Mozilla security pertinent APIs, they are easily sniffed out. Utilizing, the extension-reuse vulnerability, helps the hackers to find their way around this screening process. Hackers achieve this task by developing add-ons that reuses functionalities of other legitimate add-ons.
How to spot the culprit add-ons The security researchers unveiled a tool called the CrossFire, which would help you to sniff out the affected add-ons. The experts tested the top ten Firefox add-ons like Firebug, Noscript, Adblock plus and several others for security holes. Among the top ten, Adblock Plus was the standalone Firefox add-on which was not vulnerable to any attacks. The solution
The Mozilla has already been notified about this serious threat and as per their response, they have started working on it. As per the reports, Mozilla has been working on their core product in addition to the add-on platform to address this serious threat. It is also stated that the latest versions of browser extension APIs are not vulnerable to such hacks when compared to the conventional set of browser APIs which were used to exposes this hack in the first place. As per Mozilla, a multi-process architecture for Firefox which enhances the security is also expected by the end of this year.