Firefox Extension Updates Vulnerable To Attack

Users of several popular Firefox add-ons may be susceptible to having malicious software silently installed on their computers. According to Indiana University's School of Informatics graduate student Christopher Soghoian, a flaw in the upgrade mechanism that many Firefox extensions including the Google Toolbar, Yahoo Toolbar, and Netcraft Toolbar utilize puts users at risk. An attacker can silently push their software by disguising it as an automatic update to one of the many add-ons affected by this issue.

This vulnerability can only be exploited when you are on an untrusted connection, such as a public wireless network or a compromised router. Thanks to Soghoian, Mozilla as well as some of the software vendors involved like Google and Yahoo are aware of the problem. However, a resolution has yet to be released.

Most of the add-ons hosted on Mozilla's official site are safe from these attacks. Therefore it is recommended that any extensions downloaded elsewhere, especially those included in the Google Pack, be removed or disabled until a suitable fix is provided.