Results 1 to 1 of 1

Thread: Mozilla Add-on security vulnerability with Mozilla Sniffer and CoolPreviews !

  1. #1
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default Mozilla Add-on security vulnerability with Mozilla Sniffer and CoolPreviews !

    hi !

    Mozilla Add-on security vulnerability with Mozilla Sniffer and CoolPreviews !

    from Calendar Of Updates:

    --------------------------------------------
    "One malicious add-on and another add-on with a serious security vulnerability were discovered recently on the Mozilla Add-ons site. Both issues have been dealt with, and the details are described below."

    Mozilla Sniffer

    "An add-on called “Mozilla Sniffer” was uploaded on June 6th to addons.mozilla.org. It was discovered that this add-on contains code that intercepts login data submitted to any website, and sends this data to a remote location. Upon discovery on July 12th, the add-on was disabled and added to the blocklist, which will prompt the add-on to be uninstalled for all current users."

    CoolPreviews

    "A security escalation vulnerability was discovered in version 3.0.1 of the CoolPreviews add-on. The vulnerability can be triggered using a specially crafted hyperlink. If the user hovers the cursor over this link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer. Version 3.0.1 and all older versions have been disabled on addons.mozilla.org, and a fixed version was uploaded and reviewed within a day of the developer being notified."

    --------------------------------------------
    more info: Mozilla: Add-on security vulnerability announcement - Calendar Of Updates


    uninstall Mozilla Sniffer !

    update CoolPreviews !

    IMMEDIATELY !

    Last edited by hackerman1; 15th July 2010 at 08:33.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22