Mozilla Firepwnt?

Mozilla recently found that an unreviewed Firefox add-on was stealing people’s login credentials. Mozilla took the add-on down after it had been up for 5 weeks.

So did Mozilla drop the ball on this? I think that they did. As with any open-source project, people are encouraged to submit bug fixes, add-ons, plugins, etc. With this encouragement, though, security steps should be implemented to prevent software and users from being backdoored, infected with malware, etc. It appears that under the old policy, any old Joe Schmoe could upload their add-on and it would be visible to users without first having been code-reviewed by Mozilla staff. I’m all for being trusting of my online neighbors, but we have to be realistic: on the internet, there is a scammer around every corner.

Mozilla states that they are creating a new policy that code must be reviewed before a plugin is available to the public. I just hope that they go back over some of their non-reviewed plugins and make sure they aren’t backdoored as well.

For the full CNET story, head on over to http://news.cnet.com/8301-27080_3-20010609-245.html

So HackTalkers, do you think Mozilla dropped the ball on this one? Leave your responses in the comments :) .

Comments

  1. On July 16, 2010 hyp says:

    and there i went saying the other day, firefox is #1
