Hackers can control computers through Firefox's add-on

Attackers can risk malware as an extension of Firefox

Some security experts have recently announced that Hacker can 'drop' malicious code into Mozilla's Firefox system when it uses a few add-ons, including Google Toolbar and Yahoo. Toolbar. Mozilla has acknowledged this type of risk on some extended features.

Christopher Soghoian, a Ph.D. At Indiana University, it was outlined by the ' man-in-the-middle ' method that an attacker could use, especially in public wireless networks. An attacker can disguise malware as an extension of Firefox and sneak in malicious code instead of a regular update to one of the missing extensions.

Firefox extension packages - often small packages to add features to Firefox, are almost universally created by volunteer developers or by interest - stored and updated on SSL-secured sites. Mozilla's own and not being prevented from this attack, Soghoian said. Most of those extensions are created by third parties, but the update from the servers is not their guarantee.

' This can be considered a double fault. Mozilla does not tell developers that they should update from a secure link; they are wrong to assume that everyone knows it. But those add-on developers also have defects when not using secure servers , 'Soghoian said.

After receiving a warning from Soghoian, Mozilla has edited the maintenance guide and updated the Firefox extension application. They pushed developers to upgrade the server to a secure SSL connection.

Public wireless access points (such as at airports or coffee shops) are the places where most attacks occur, because hackers can access them easily and disguise as a counter server. legal only with a laptop. But Soghoian warned that some other networks are equally dangerous.

' No matter where your network is, you should not put yourself at risk. For example, use a neighbor's wireless network . ' Users in Tor's anonymous network may also be in danger, Soghoian added. ' That's where you can' hand over 'your DNS to some people you don't even know '

Google Toolbar, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, Netcraft Anti-Phishing Toolbar and PhishTank SiteChecker are also among the dangerous add-ons, and Soghoian has not listed them all yet. get that list. ' I don't have time to check out all the extensions, so I went to Download.com and searched for the top 20 '. Soghoian also recommends that before vendors provide security updates, users should remove or disable all of Firefox's extended features and toolbar without directly downloading from the Add website. -Ons of Mozilla.

Mike Shaver, the leader of Mozilla, also acknowledged the danger of unsafe storage and updating add-ons, he also suggested extension developers should quickly solve the problem.