Author Topic: Critical hole in Firebug! (Read 1982 times)

polonus · « **on:** April 05, 2007, 04:16:54 PM »

Hello malware fighters,

Users of Mozilla browsers are advised to disable the Firebug extension. It has a critical hole through which a third party could inject malicious code into the "zone" of the browser.
Read: http://www.gnucitizen.org/blog/firebug-goes-evil

We expect that when browser code itself is getting more and more secure, malcreants try to seek weak spots in browser extensions, that were not made with secure cosing at heart.

polonus

DavidR · « **Reply #1 on:** April 05, 2007, 05:01:43 PM »

Amazing that they can turn the very tools to check code against us. Not that I had firebug installed.

polonus · « **Reply #2 on:** April 05, 2007, 08:13:23 PM »

Hi DavidR,

It is actually a tool for webdevelopers. I do not have it, and Flock has its own. The security people among the browser developers must look now for methods to protect browser users against malicious code that comes along with the new ways of interoperability. Embedded script is now doing things that were not intended by earlier coders, so there must be found new ways of securing cookies, tags, webbugs etc etc.
With the JIKTO scanner code in the wild, we're in for some new threats in the malware theatre. The Internet has become a more dangerous place than it ever was.

polonus

Author Topic: Critical hole in Firebug! (Read 1982 times)

polonus

Critical hole in Firebug!

DavidR

Re: Critical hole in Firebug!

polonus

Re: Critical hole in Firebug!