Firecucks BTFO

You are currently reading a thread in /g/ - Technology

Thread replies: 44
Thread images: 11
Nine of the 10 most popular extensions for Mozilla’s browser open computers to malware and security breaches, according to a research paper presented at the Black Hat conference by a group from Northeastern University.
https://ca.news.yahoo.com/check-firefox-extensions-today-open-191355853.html
>>
>>53917771
DownThemAll is the only one I care about. I guess I'll remove it.
>>
It says there you have to install a vulnerable, malware-infected version of said addons for this attack to become possible.

Kek, lotsa mental gymnastics by various shills disguised as """"""""""""""""""""""""""""""""""""""""""tech journalists""""""""""""""""""""""""""""""""""""""""""""""""" there.
>>
>>53917771
This is why I smfh when mozilla says they'll stop developing a feature and basically outsource it to some developers.
>>
File: Fuck off, Terry.jpg (80 KB, 720x540)
>>53917771
Welcome to the world of yesterday!
>>
>>53917827
>reading comprehension
It says other addons can use these addons to do malicious things

Still though, Firefox is a vulnerability itself
>>
>>53917771
>Video DownloadHelper
>NoScript Security Suite
>Greasemonkey
>Download Youtube Videos as MP4
Looks like I'm pretty fugged.
>>
>>53917815
are you retarded? it clearly says that you're only at risk if multiple addons exploit it. if you only have down them all you're fine
>>
>>53917827
CVCKNADA YAHWEHOO - A READY TO DIE PLATFORM - PROMOTES THE SHITTIEST ALARM OF 2016.

BRUCE BROWN - A LITERAL NO ONE - OBVIOUSLY DOESN'T EVEN KNOW WHICH ADDONS HE HIMSELF HAS INSTALLED ON HIS FIREFUCKS.

www.digitaltrends.com/users/bbrown
(WORTH A LOOK)

I JUST SEE FIREFUCKS AS A DYING BROWSER AND MOZILLA AS A SHILLING ENTERPRISE.

BUT, PLEASE, BRUCE STOP WRITING BULLSHIT.
>>
http://arstechnica.com/security/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/

>The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities. By piggybacking off the capabilities of trusted third-party add-ons, the malicious add-on faces much better odds of not being detected.

>The researchers noted that attackers must clear several hurdles for their malicious add-on to succeed. First, someone must go through the trouble of installing the trojanized extension. Second, the computer that downloads it must have enough vulnerable third-party add-ons installed to achieve the attackers' objective. Still, the abundance of vulnerable add-ons makes the odds favor attackers, at least in many scenarios.

>The vulnerability is the result of a lack of add-on isolation in the Firefox extension architecture.
>>
>>53918055
RETARDS FALLING FOR SHITTY ARTICLES LIKE THIS JUST HAVE NO VALUE IN LIFE.
>>
I don't use any of those addons though
>>
>>53918124

YES, ADDONS ARE SHIT BY DESIGN BECAUSE A MALIGN PIECE OF CODE CAN IDENTIFY THEM BY THE STRING IN THE RDF

BUT THE FUCKING USER HAS TO INSTALL A MALICIOUS ADDON THAT BY ITSELF IS A SCAM.

I KNOW SOME OF THEM WERE DELETED BY MOZILLA.

IN THE END IS THE USER NOT USING THE FLOSS-AWARE

COMMON SENSE 2016

DO YOU INSTALL ADDONS JUST READING THEIR NAMES?

GULLIBLE ONE
>>
File: angry.webm (1 MB, 352x262)
>>53918175
I'm worried about you Anon.
>>
File: really.jpg (51 KB, 814x500)
Says at the end of the article Firefox will begin sandboxing extensions soon.
>>
File: 1449362135707.png (36 KB, 250x250)
>google cucks trying to shit on firefox
>tries to downplay the fact that you have to install malicious addons and have the proper add ons for this to even work, making this whole issue irrelevant unless you're stupid
>>
File: 576991578.png (438 KB, 910x898)
>>53917771
>tfw the only add-on you have installed is uBlock Origin
>>
Wait so you have to install malware for the "vulnerability" to work? What the fuck is even the point?
>>
>>53918175
>>53918915
basically this

but this bullshit is the kind of stupid reason the retards at mozilla take bad decisions such as banning unsigned add-ons or reducing the capabilities of add-ons (web extensions)...
>>
>>53918915
>What the fuck is even the point?
The point is reducing the damage caused by the webextensions announcement fiasco.
>"The new set of browser extension APIs that make up WebExtensions, which are available in Firefox today, are inherently more secure than traditional add-ons, and are not vulnerable to the particular attack outlined in the presentation at Black Hat Asia."
>>
Quite nice to see all the hate comments over Vivaldi.

And in the meantime Mozilla fucks Firefox even more into its ass :P

http://forums.mozillazine.org/viewtopic.php?f=23&t=2998925

Must feel great to use a Chrome UI imitation browser which gets raped more and more by its mother company to be finally able to bring Chrome's whole userbase over to Firefox

But you know, at least it's Open Source, right? So no matter how shitty it will become, at least you have one thing left to be happy with :P
>>
File: snake16.jpg (2 MB, 2711x1815)
>>53917771
Looks like the who's who of addons that allow you to dictate the content you view and download stuff from stream sites.

I don't trust this article and it sounds like a soft setup for Firefox to later kill their addons like I've seen coming for a while, what I told /g/, and what /g/ told me was bullshit.

Mozilla is going to lock their browser down and lose their remaining semi tech savvy users. They really went to shit once Google pulled their funding, you can see the corporate interest molding them day by day.
>>
>>53918554
What's it like being a fucking casual.
>>
>not only using ublock and doing everything else manually
Plebs
>>
File: Untitled.png (175 KB, 1648x1168)
>>53917771

Am I safe? ;_;
>>
>users have to install malware to get malware

Wow, great read. I believe that Mozilla should focus on sandboxing, but this shouldn't even be news.
>>
>the attack involves user installing a malicious extension

welp
>>
>>53917771
Just use Edge.
>>
>>53920176
Screen grab sounds pretty cool.
>>
>>53920719
It would be better to just dump the DOM desu
>>
>>53917771
The only extension I need is safe :^)
>>
Well my Antivirus says I have no viruses. So who is it vulnerable to? What is the exploit being used for? Do they just not want me downloading porn videos? Because download helper is staying, the viruses can suck my dick.
>>
File: Mark Jojo Hamill.jpg (399 KB, 1920x1440)
>>53917771

Only one on that list that I use is NoScript.
Also since the only thing that would trigger the vulnerability is downloading a malicious add on, I think I'll be just fine.
>>
>>53920891
>mfw nfw people fell for the gorshill
>>
>>53918915

it's not installing malware, it's installing malicious addons that can exploit other add-ons' capabilities to download malware

the solution is of course to not install shitty untrusted addons and as a result is mostly a non-issue but it's another nail in the coffin for firefox deprecated addon design that they've been working to replace (much to the dismay of addon developers)

>>53919266

banning unsigned addons and reducing addon capability through changing the security design isn't a bad thing, it's just coming far too late when they could have done this years ago without fucking over nearly as many people, but then again firefox has made a lot of bad decisions in the past decade which is probably why chrome got to be so popular

>>53919616
>They really went to shit once Google pulled their funding, you can see the corporate interest molding them day by day.

firefox has been going to shit for years, before chrome was even a thing, if you didn't notice you weren't paying close enough attention


>>53918554
>>53920053

not using noscript (or another javascript whitelisting addon) and exposing yourself to malicious javascript is a much more likely vector for attack than installing a malicious addon to begin with m8s
>>
>>53921434
>it's not installing malware, it's installing malicious addons
Malicious addons are malware.
>>
>>53920940

virus is not the same as exploit
>>
>>53920940
lmao
>>
>>53918915
>Wait so you have to install malware for the "vulnerability" to work? What the fuck is even the point?

The paper explains. The point is that it makes it easier for the malware to conceal the fact that it's malware and so get past human screening.
>>
>>53920719
You can just do screenshot --fullpage in the console.
>>
>still using Firefox
>still using open sores
Daily reminder this would never happen on chrome because they hire competent programmers
>>
>>53925017
>chrome
>competent
Enjoy your browser crashes every 5 seconds. Enjoy your UI element run-offs. Enjoy your botnet. Enjoy your crashed tabs 50% of the time you try to open a link.
>>
>>53917985
>>53917827
The browser gives write access to the entire fucking drive. That's not a joke.
>>
>>53920222
It's pretty sad "tech news" sites are reporting on this really.