Are we missing DNS stuff? Are plugins signed? Is NoScript being used by end users? Maybe an evilgrade plugin is coming....
[]s Fosforo

On Mon, May 25, 2009 at 3:24 PM, FUDder Guy <[email protected]> wrote:
> On Mon, May 25, 2009 at 8:26 PM, saphex <[email protected]> wrote:
> > This isn't about making the user install a malware add-on. It's about
> > gaining access to the system through an exploit, or physical access,
> > modify an existing add-on with your code. And Firefox won't even
> > notice. Instead of installing a fancy rootkit or keylogger, just go
> > straight to the browser, simple. Go tell your average user to check
> > the codebase of the plug-ins he has installed in his Firefox from time
> > to time in order to make sure they haven't been tampered with, yeah
> > good choice...........
> >
>
> I agree that attacking Firefox is a simpler way to carry out the
> attack than installing a rootkit or keylogger. However, this is no
> simpler than asking someone to download a cool game, script or
> screensaver from my site.
>
> Moreover, only addons.mozilla.org and update.mozilla.org are set as
> allowed sites for addon installations by default in the browser. If
> one tries to install addons from another site, Firefox issues a warning.
> So, this is pretty good. As far as the possibility of a malicious addon
> on the Mozilla site is concerned, the probability is pretty low as the
> addons on the Mozilla site appear for download only after a review
> process.
>
> So, I don't see this type of attack as particularly more dangerous than a
> user downloading software or a script with a trojan and running it. I
> also don't see this type of attack as any simpler than fooling a user to
> run a cool game or script.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
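The check saphex calls unrealistic for an average user (verifying that installed add-on files have not been altered) can be automated with a file-integrity baseline. The following is an added example written for this thread, not code from any poster or from Mozilla; it hashes every file under an extensions directory, stores the digests, and reports files that were added, removed or modified in a later snapshot. The add-on id, directory layout and "tampered" edit are constructed in a temporary directory purely for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_path: sha256_hex} for every file below root."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            baseline[path.relative_to(root).as_posix()] = digest
    return baseline


def diff_baselines(old, new):
    """Classify differences between two snapshots of the same tree."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }


def demo():
    """Constructed scenario: baseline a fake add-on, then alter one of its scripts."""
    with tempfile.TemporaryDirectory() as tmp:
        ext_root = Path(tmp) / "extensions"
        # Hypothetical add-on id and layout, modelled on the classic chrome/content tree.
        content = ext_root / "sampleaddon@example.org" / "chrome" / "content"
        content.mkdir(parents=True)
        (content / "overlay.js").write_text("// original add-on code\n")
        (content.parent.parent / "install.rdf").write_text("<RDF/>\n")
        before = hash_tree(ext_root)
        # Simulated post-install change to the script; install.rdf is left untouched,
        # so only overlay.js should be reported as modified.
        (content / "overlay.js").write_text("// original add-on code\n// extra line\n")
        after = hash_tree(ext_root)
        return diff_baselines(before, after)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored outside the profile directory (or signed), since a change that can rewrite an add-on can also rewrite a baseline kept beside it.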
