Date Added: Jan 2012
As security issue caused by browser extensions is getting serious increasingly, this paper proposes a pointer analysis based approach to detect vulnerabilities from browser extensions. The authors convert extensions' source code into facts in Datalog, and define several rules to describe vulnerabilities' characteristic. By querying on the facts using these rules, a report will be produced to demonstrate the exploitable points in the extension. They give a proof-of-concept implementation of this approach, and finally prove its efficiency and soundness by experiment.