Malicious Firefox Extensions Exist – Be Careful

by on Feb 17, 2010 | 1 comment

In case you have not heard, there have been several malicious Firefox extensions discovered. File this one under the “it was bound to happen” category.

It is important to remember that whenever you install a Firefox add-on, you are installing executable code which can run in conjunction with the browser. Add-ons can access anything Firefox can – password data, browsing history, the internet itself – so it goes without saying this was bound to be exploited.

The important thing to remember is to only install add-ons from sites you trust (i.e. Mozilla’s Official Add-On Site). Anti-virus scanners may not catch malicious Firefox add-ons because they are a different kind of beast, so your best protection is exercising caution.

Free eBook!

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

Post A Comment Using Facebook

  • Bill Bright

    Security issues like this are time sensitive. Coming out now in this manner makes it seem as if more malicious add-ons were discovered. But following your link we see Mozilla blogged a report two weeks ago on this.

    http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/

    Nothing wrong with a reminder, but when coming late to the table, bring something fresh – especially when it comes to security issues. And it is particularly important to get the facts right! That was not done here.

    Note following the above and your link reveals a list from Feb 4th of anti-virus scanners that detect the malware in the affected add-ons just fine. I suspect this late in the game, the other AV makers have caught up. Today’s (Feb 17th) PCMech Tip offering a vote of “no confidence” against the anti-virus industry does not reflect reality, and may instill (perhaps again) fear and uncertainty in those not aware of the truth. :(

    I think it should also be noted the infected add-ons came from Mozilla’s Official Add-on Site.

    Bottomline – While the advice to exercise caution is always prudent, this was not a good “Tip” in my opinion, as it does an injustice to Mozilla, anti-malware makers, and most importantly, FF users everywhere.

    (FTR – I am a IE8 fan and MS-MVP!)

What’s Your Preference?

Daily Alerts

Each day we send out a quick email to thousands of PCMECH readers to notify them of new posts. This email is just a short, plain email with titles and links to our latest posts. You can unsubscribe from this service at any time.

You can subscribe to it by leaving your email address in the following field and confirming your subscription when you get an email asking you to do so.

Enter your email address for
Daily Updates:

Weekly Newsletter

Running for over 6 years, the PCMECH weekly newsletter helps you keep tabs on the world of tech. Each issue includes news bits, an article, an exclusive rant as well as a download of the week. This newsletter is subscribed to by over 28,000 readers (many who also subscribe to the other option) - come join the community!

To subscribe to this weekly newsletter simply add your email address to the following field and then follow the confirmation prompts. You will be able to unsubscribe at any time.

Enter your email address for
Free Weekly Newsletter: