TryXanel
06-04-2016, 04:29 PM
Vos creias que estabas seguro usando add-ons de FireFox? minga...
Varios de los add-ons mas usados de Firefox están sujetos a exploits que permitirian a atacantes descargar y ejecutar archivos maliciosos.
El unico que esta libre del top 10 seria el Ad Block Plus, después varios otros como no-Script, Firebug, Greasemonkey, etc... serian vulnerables a este tipo de exploits.
Me da bastante paja ponerme a traducir del articulo original en ingles asi que dejo el link: http://arstechnica.com/security/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/
Basicamente indica que al agregar algun add-on malicioso este puede usar extensiones de los otros add-on para ejecutar codigo, descargar archivos y demas acciones que quiera.
The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons (https://addons.mozilla.org/en-US/firefox/extensions/?sort=users) contain exploitable vulnerabilities. By piggybacking off the capabilities of trusted third-party add-ons, the malicious add-on faces much better odds of not being detected.
asi que a tener cuidado con los add-ons que prueben e instalen...
Varios de los add-ons mas usados de Firefox están sujetos a exploits que permitirian a atacantes descargar y ejecutar archivos maliciosos.
El unico que esta libre del top 10 seria el Ad Block Plus, después varios otros como no-Script, Firebug, Greasemonkey, etc... serian vulnerables a este tipo de exploits.
Me da bastante paja ponerme a traducir del articulo original en ingles asi que dejo el link: http://arstechnica.com/security/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/
Basicamente indica que al agregar algun add-on malicioso este puede usar extensiones de los otros add-on para ejecutar codigo, descargar archivos y demas acciones que quiera.
The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons (https://addons.mozilla.org/en-US/firefox/extensions/?sort=users) contain exploitable vulnerabilities. By piggybacking off the capabilities of trusted third-party add-ons, the malicious add-on faces much better odds of not being detected.
asi que a tener cuidado con los add-ons que prueben e instalen...