NoScript and other popular Firefox add-ons open millions to new attack | Ars Technica

Bugs in popular Firefox add-ons expose users to attacks due to Firefox’s handling of plugins. Unlike normal malware, which is coded to perform a particular operation, this exploit takes advantage of the lack of plugin isolation to actually use normally benign functions in legitimate plugins. In order for this attack to be utilized in its current state a new malicious plugin would have to be downloaded so the danger isn’t immediate. Fortunately there’s a light at the end of the tunnel: Mozilla is working on a new system called Web Extensions which they say will be largely compatible with the system Chrome and Opera use.

For now, users should either update their plugins, remove all the ones they don’t need, or switch to Chrome for the time being. For now, users don’t need to worry too much.

Unlike many browsers, Firefox doesn’t always isolate an add-on’s functions.

Source: NoScript and other popular Firefox add-ons open millions to new attack | Ars Technica

Agent[31]

Agent[31] works in the IT field for a living. He enjoys a wide variety of interests from music to photography to computer games. He wants to share the joy he finds with others.