Firefox extensions are a great way to customize and improve your browsing experience, but these add-ons can also be a security risk. During this episode of TR Dojo, I explain how these handy Firefox additions can be both a benefit and a hazard.
For those who prefer text to video, you can click the Transcript link that appears below the video player window or read Michael Kassner's article, "Some Firefox extensions may be exploited to install malware." In the article, Kassner interviews security researchers Roberto Suggi Liverani and Nick Freeman about the pair's examination of Firefox extension security. I also encourage you to download and read Suggi Liverani and Freeman's Defcon 17 presentation, "Abusing Firefox Extensions" (pdf) or listen to an audio recording of the event (m4b).
For more information on Firefox security and the add-on submission process, check out the following Mozilla resources:
- The Add-on Review Process and You (Mozilla Add-ons Blog)
- Security best practices in extensions (Mozilla Developer Center)
- Sandbox Review System (Mozilla Add-ons for Firefox)
- Add-on Policies (Mozilla Add-on Developer Hub)
- Review Process (Mozilla Add-on Developer Hub)
- Add-on Submission (Mozilla Add-on Developer Hub)
- Code Validation Tool (Mozilla Add-on Developer Hub)
- Validation Help (Mozilla Add-ons for Firefox)
For the latest TR Dojo lessons, sign up for one or more of the following:
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.