Computer Using Firefox Add-Ons Not Safe
Computers running Mozilla Corp.'s Firefox aren't safe from hackers, who can easily drop malicious code onto these systems when the web browser is equipped with a sophisticated add-on, for example Yahoo Toolbar or Google Toolbar. A researcher disclosed this on May 30, 2007.
By design, every Firefox extension is hard-coded with a unique Internet address, which is used to contact the creator's update server every time the browser starts. An extension is any of the numerous pieces of free software that can be added to the widely used open-source web browser. This feature allows Firefox to determine whether a new version of the add-on is available.
"It's something like a compounding of mistakes. Mozilla never informed developers to update from a safe link. Assuming that everyone would be aware of it was the biggest mistake they made. However, the add-on developers are to blame, for they didn't use the secure server," said Soghoian, a Ph.D. student at Indiana University. ComputerWorld published this on May 30, 2007.
For the time being, until the affected extension vendors release security updates, users should remove or disable all Firefox toolbars and extensions that haven't been downloaded through Mozilla's official Add-Ons website, Soghoian recommends.
Public mobile access points, such as those at coffee shops and airports, are the most probable settings for an attack. The main reason is that it may be relatively easy for hackers to use them to mimic an authenticated update server with a laptop. However, Soghoian warns, other locales may be no less dangerous.
Security Fix has long urged Windows users to avoid running their machines under an "admin" account for daily use. Instead, users should set up "limited user accounts" so that their PCs are protected against silent installation of malicious code. Limited user accounts often don't have rights to modify key system settings or to download and install new software.
In an email, Mike Shaver, director of ecosystem development for Mozilla, acknowledged the risk posed by insecurely hosted and updated add-ons. He further recommended that extension developers fix the problem at their level as soon as possible.
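The check that extension developers and administrators can run for this problem is easy to script. The following is an added example, not code from Soghoian, Mozilla or the original article: it assumes the extension's update address is declared as `em:updateURL` in an `install.rdf` manifest (a detail the article does not give), and the manifests and host names are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

EM_NS = "http://www.mozilla.org/2004/em-rdf#"  # Mozilla install-manifest namespace
UPDATE_URL = f"{{{EM_NS}}}updateURL"

def update_urls(manifest_xml):
    """Collect em:updateURL values, written either as an element or as an attribute."""
    urls = []
    for node in ET.fromstring(manifest_xml).iter():
        if node.tag == UPDATE_URL and node.text and node.text.strip():
            urls.append(node.text.strip())
        if node.get(UPDATE_URL):
            urls.append(node.get(UPDATE_URL).strip())
    return urls

def classify(manifest_xml):
    """Return 'insecure' if any update URL is not https, 'https' if all are,
    and 'no-custom-url' if the manifest sets no update URL of its own."""
    urls = update_urls(manifest_xml)
    if not urls:
        return "no-custom-url"
    schemes = {urlparse(u).scheme.lower() for u in urls}
    return "https" if schemes == {"https"} else "insecure"

def manifest(update_line):
    """Build a constructed install.rdf around one (possibly empty) update declaration."""
    return f"""<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="{EM_NS}">
  <Description about="urn:mozilla:install-manifest">
    <em:id>toolbar@example.invalid</em:id>
    {update_line}
  </Description>
</RDF>"""

# Constructed sample manifests; the hosts are placeholders, not real update servers.
SAMPLES = {
    "plain-http": manifest("<em:updateURL>http://updates.example.invalid/update.rdf</em:updateURL>"),
    "tls": manifest("<em:updateURL>https://updates.example.invalid/update.rdf</em:updateURL>"),
    "none": manifest(""),
}

def audit(samples):
    """Map each manifest name to its classification."""
    return {name: classify(xml) for name, xml in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```

An extension reported as `insecure` is one whose update check travels over a link that anyone on the same network can answer in place of the real update server.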
» SPAMfighter News - 11-06-2007