Tech Made Simple

Hot Topics: Enter Our Apple HomePod Mini Giveaway | How to Fix Bluetooth Pairing Problems | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Firefox Add-ons Vulnerable to Malware Attack

by Elmer Montejo on April 07, 2016

Mozilla Firefox icon closeup

Nine of the 10 most popular Firefox extensions can leave computers vulnerable to security intrusions and malware, warn researchers from Northeastern University. Of 10 popular add-ons researchers examined, only AdBlock Plus was found to be safe. More than 2,000 Firefox extensions for Windows and OS X computers were found to be vulnerable, including Firebug, Greasemonkey, Web of Trust, NoScript Security Suite, Video DownloadHelper, Downthemall!, Flash Video Downloader, FlashGot Mass Downloader and Download YouTube Videos as MP4.

The add-ons examined in the research are all available from Mozilla’s official repository for Firefox extensions.

The extensions themselves aren't themselves malware or don't contain malware. Instead, they have security flaws that malware can exploit. In Firefox’s extensions platform, an add-on can interact with other enabled add-ons. It can access data and functions from other installed and enabled extensions. Hackers can craft safe-looking extensions — malware posing as a valid extension — that ride on the clean, legitimate extensions. If you unsuspectingly install such an add-on, it can exploit other add-ons in ways that let it get to your system files (including your cookies, browsing history and stored passwords) or redirect your browser to a phishing web page.

In an email to Ars Technica, Firefox’s vice president of product acknowledged the existence of the risk described by the Northeastern University researchers. He assured users that Firefox developers are updating both the browser itself and its extensions to improve security. Mozilla's WebExtensions API, which is already available in Firefox, shields users from such risks. The team is working toward sandboxing Firefox add-ons so that they will work independently of each other in isolation, without sharing code or functions.

Meanwhile, protect yourself from potential attacks — and speed up your computer — by removing any problematic Firefox extensions from your computer. Click on the Settings button (the icon with three horizontal lines at the right end of the address bar). Select Add-ons to open the Add-on Manager, and click Extensions on the left pane of the Add-on Manager. Click the Remove button for each add-on that you want to remove. We recommend finishing with a full system scan using your preferred antivirus program.

[Image credit: GongTo / Shutterstock.com]


Topics

Computer Safety & Support, News, Computers and Software, Internet & Networking, Blog


Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.