![Firefox add-ons](https://www.enigmasoftware.com/images/2010/net-framework-assistant-add-ons-firefox-message.jpg)
![Firefox add-ons](https://i0.wp.com/www.djdesignerlab.com/wp-content/uploads/2011/04/firefox_add-ons_19.jpg)
NoScript, Firebug, and other popular Firefox add-on extensions are opening millions of end users to a new type of attack that can surreptitiously execute malicious code and steal sensitive data, a team of researchers reported.

The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities. By piggybacking off the capabilities of trusted third-party add-ons, the malicious add-on faces much better odds of not being detected.

"These vulnerabilities allow a seemingly innocuous extension to reuse security-critical functionality provided by other legitimate, benign extensions to stealthily launch confused deputy-style attacks," the researchers wrote in a paper that was presented last week at the Black Hat security conference in Singapore. "Malicious extensions that utilize this technique would be significantly more difficult to detect by current static or dynamic analysis techniques, or extension vetting procedures."
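
The detection gap described above, shown as an added example (not code from the article or the researchers' paper): a constructed model in which per-extension vetting reports nothing for an add-on that reaches privileged operations only through another installed add-on, while a check that follows calls across add-ons reports the path. All extension, function and sink names are hypothetical and do not correspond to real Firefox APIs.

```javascript
// Constructed model, not real Firefox APIs: every name below is hypothetical.
// Privileged operations a reviewer wants to know an add-on can reach.
const SENSITIVE = new Set(["net.open", "file.download"]);

// Each installed extension maps function name -> names it calls.
// "ext:fn" denotes a function another extension exposes in the shared scope.
const installed = {
  "popular-helper": {
    fetchAndSave: ["net.open", "file.download"],
    showPanel: ["ui.render"],
  },
  "innocuous-looking": {
    onStartup: ["popular-helper:fetchAndSave", "ui.render"],
  },
};

// Per-extension vetting: reports only sinks the extension calls directly.
function vetIsolated(name, all = installed) {
  const hits = [];
  for (const [fn, calls] of Object.entries(all[name])) {
    for (const c of calls) if (SENSITIVE.has(c)) hits.push(`${fn} -> ${c}`);
  }
  return hits;
}

// Cross-extension vetting: follows "ext:fn" calls into other installed
// extensions and reports each sink reached that way, with the call path.
function vetCrossExtension(name, all = installed) {
  const hits = [];
  const walk = (ext, fn, path, seen) => {
    const key = `${ext}:${fn}`;
    if (seen.has(key)) return; // guard against call cycles
    seen.add(key);
    for (const c of (all[ext] && all[ext][fn]) || []) {
      if (SENSITIVE.has(c)) {
        // Direct sinks are vetIsolated's job; report only boundary crossings.
        if (ext !== name) hits.push([...path, c].join(" -> "));
      } else if (c.includes(":")) {
        const [e, f] = c.split(":");
        walk(e, f, [...path, c], seen);
      }
    }
  };
  for (const fn of Object.keys(all[name])) {
    walk(name, fn, [`${name}:${fn}`], new Set());
  }
  return hits;
}
```

Reviewing `innocuous-looking` in isolation yields no findings, which is the vetting blind spot the researchers describe; the result changes only when the set of co-installed add-ons is part of the analysis.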