Cnet News.com warns us that:
Popular add-ons to Firefox are the latest criminal attack vector
Many people have switched to the Mozilla Firefox browser because of Internet Explorer’s known vulnerabilities to malware. But as more people begin to use a browser, it becomes a larger potential target for malware, and authors of worms, spyware, spambots, and so forth will probe for ways to attack it. They’ve found that vulnerability in the download procedure for Firefox add-ins, whenever the download is coming from an unsecured server.
Here’s a summary of what to do to avoid the problem:
- If you have a wireless home router, make sure that you have set your password to something other than the default.
- Download an add-on only if it is hosted on a secure server; i.e., a server that uses the SSL “https” protocol. Safe add-ons are listed on Mozilla’s official Firefox add-on page.
- Your existing add-ons may automatically reconnect with their host to check for updates. This is safe only if those updates will be downloaded from a secure server. Disable any existing add-ons unless you are sure that you originally downloaded them from a secure server.
Techies can find more details about the Firefox vulnerability, including an FAQ, on Slight Paranoia, Christopher Soghoian’s blog:
A Remote Vulnerability in Firefox Extensions
Technorati tags:
downloads
Firefox
malware
Mozilla
tech tips
{ 0 comments… add one now }