Skip navigation

Infecting Firefox Add-ons With Malware

Firefox is easily extended via add-ons. And the way extensions work makes it relatively easy for bad guys to inject malware that would be difficult to detect and remove.

The problem is basically two-fold. First, Firefox extensions have access to raw unencrypted data streams. Second, extensions are typically based on a set of files that include XML and Javascript.

An attacker could inject malware into an existing legitimate extension (e.g. one that is already installed on your systems) by modifying the extension's XML file(s) to include additional Javascript code.

So for example, any data (including keystrokes, form data, history, etc) could then be harvested directly from the browser and/or its network traffic and sent to a third-party offsite server. Ouch!

For a better understanding of this potential problem read about FFSpy. And to learn about why the extension subsystem in Firefox is fundamentally flawed read what Ralas Los has to say about this situation.

Now think about this for a moment. What if someone infects a popular add-on like NoScript, FlashBlock, GreaseMonkey, WebDeveloper, or Firebug? What tools do you have to find that infection and eradicate it?

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.