DesktopLinux

Vulnerability found in Firefox extension, Google toolbar
Jun. 05, 2007

A security researcher has found a remote vulnerability in the upgrade mechanism in the Firefox extension used by Google Toolbar and Google Browser Sync that could lead to a man-in-the-middle attack and covert installation of malicious software.

Christopher Soghoian, a graduate student at Indiana University's School of Informatics, discovered that an attacker can silently slip malicious software onto computers via an upgrade mechanism flaw in the latest versions of highly popular Firefox extensions, including Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar and PhishTank SiteChecker.

Writing in his blog on May 30, Soghoian noted that users of the Google Pack suite are likely vulnerable, given that it includes the Google Toolbar for Firefox. Using the bug, an attacker can install software such as spyware, hijack e-banking sessions, steal e-mail or send e-mail spam.

The only way to secure the upgrade path for sites hosting extensions and their updates is to use SSL. For the most part, he said, sites whose update URLs begin with "https" are safe, such as Mozilla's free hosting service for open-source extensions: https://addons.mozilla.org.

The flaw is exploited through a man-in-the-middle attack in which the attacker convinces a targeted system that he or she is the update server for one or more extensions. Firefox prompts the user when updates are available and then downloads and installs the software, which in this case would be malicious code. Some commercial extensions, including those from Google, have disabled the notification, opting instead for silent installation.
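As an added defender-side check, not code from the article or from any of the vendors it names, the script below reads a Firefox extension's install.rdf manifest and flags an updateURL that is not served over HTTPS, which is exactly the condition that exposes the upgrade path to the attack described above. The manifests it runs against are constructed samples with placeholder ids and hosts.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespaces used by Firefox install.rdf manifests
EM = "{http://www.mozilla.org/2004/em-rdf#}"
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"


def _field(desc, name):
    """install.rdf may state a property as a child element or as an attribute."""
    child = desc.find(EM + name)
    if child is not None and child.text:
        return child.text.strip()
    return desc.get(EM + name)


def audit_install_rdf(install_rdf: str) -> dict:
    """Report whether the extension's update manifest is fetched over SSL."""
    root = ET.fromstring(install_rdf)
    descs = root.findall(RDF + "Description")
    # Pick the install-manifest description; fall back to the first one
    desc = next((d for d in descs
                 if d.get(RDF + "about") == "urn:mozilla:install-manifest"), descs[0])
    url = _field(desc, "updateURL")
    if url is None:
        verdict, reason = "ok", "no updateURL: Firefox uses its default service at addons.mozilla.org (HTTPS)"
    elif urlparse(url).scheme.lower() == "https":
        verdict, reason = "ok", "update manifest fetched over SSL"
    else:
        verdict, reason = "at-risk", "update manifest fetched over plain HTTP; a network attacker can substitute it"
    return {"id": _field(desc, "id"), "updateURL": url, "verdict": verdict, "reason": reason}


# Constructed sample manifests (placeholder ids and hosts, not real extensions)
HTTP_MANIFEST = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>toolbar-demo@example.invalid</em:id>
    <em:updateURL>http://updates.example.invalid/update.rdf</em:updateURL>
  </Description>
</RDF>"""
HTTPS_MANIFEST = HTTP_MANIFEST.replace("http://updates", "https://updates")
NO_URL_MANIFEST = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest" em:id="amo-demo@example.invalid"/>
</RDF>"""

if __name__ == "__main__":
    for m in (HTTP_MANIFEST, HTTPS_MANIFEST, NO_URL_MANIFEST):
        print(audit_install_rdf(m))
```

On a real system the same function can be run over each extension's install.rdf under the Firefox profile's extensions directory.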

To read the rest of Lisa Vaas's eWEEK.com article, go here.

Use of this site is governed by our Terms of Service and Privacy Policy. Except where otherwise specified, the contents of this site are copyright © 1999-2011 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.