Firefox Extensions Lift the Keys to the Kingdom
Attackers have myriad ways of gaining access to systems; some are as basic as asking their way in, while others are a bit more high-tech. According to a new Mozilla security bulletin, your Firefox extensions could be the key the hackers are looking for.
The vulnerability — discovered and demonstrated by security researcher Gerry Eisenhaur — involves exploiting so-called "flat" Firefox extensions to access information stored elsewhere on the system. "Flat" extensions are ones not contained within a .jar, which allows an attacker to escape the extensions directory and load files housed elsewhere. Mozilla believes that attackers could use the exploit to harvest information about vulnerability to potential attacks. While security teams are investigating, Mozilla has classified the exploit as low priority, so no news on when it may be fixed.
Justin Ryan is a Contributing Editor for Linux Journal.
|Understanding OpenStack's Success||Feb 21, 2017|
|Natalie Rusk's Scratch Coding Cards (No Starch Press)||Feb 17, 2017|
|Own Your DNS Data||Feb 16, 2017|
|IGEL Universal Desktop Converter||Feb 15, 2017|
|Simple Server Hardening||Feb 14, 2017|
|Server Technology's HDOT Alt-Phase Switched POPS PDU||Feb 13, 2017|
- Understanding OpenStack's Success
- Own Your DNS Data
- Simple Server Hardening
- Understanding Firewalld in Multi-Zone Configurations
- Teradici's Cloud Access Platform: "Plug & Play" Cloud for the Enterprise
- Returning Values from Bash Functions
- From vs. to + for Microsoft and Linux
- Tech Tip: Really Simple HTTP Server with Python
- Bash Shell Script: Building a Better March Madness Bracket
- Natalie Rusk's Scratch Coding Cards (No Starch Press)