Author Topic: Serious firebug hole stopped!  (Read 1536 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33746
  • malware fighter
Serious firebug hole stopped!
« on: April 10, 2007, 07:41:03 PM »
Hi malware fighters,

Well, I reported here about a serious hole in the Firebug extension for Firefox. Well, yours truly came up with some lines of code, see the comments near the bottom of this page: http://www.gnucitizen.org/blog/firebug-goes-evil This code makes sure that runfile(f) (doing all the harm here) is capped through ipdfilter/reset.
Hopefully the developer of Firebug has also been there, so he can bring this simple protection inside his extension. Funny thing is, while the FF or Flock browser code is becoming more and more secure, the extensions have now come under fire from miscreants; full disclosure publishers too, like Georgi Guninski, the renowned Bulgarian, come up with these now.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!