Bill Detwiler highlights research from security experts who say Firefox extensions can be exploited to install malware.
Firefox extensions are a great way to customize and improve your browsing experience, but these add-ons can also be a security risk. During this episode of TR Dojo, I explain how these handy Firefox additions can be both a benefit and a hazard.
For those who prefer text to video, you can click the Transcript link that appears below the video player window or read Michael Kassner's article, "Some Firefox extensions may be exploited to install malware." In the article, Kassner interviews security researchers Roberto Suggi Liverani and Nick Freeman about the pair's examination of Firefox extension security. I also encourage you to download and read Suggi Liverani and Freeman's Defcon 17 presentation, "Abusing Firefox Extensions" (pdf) or listen to an audio recording of the event (m4b).
For more information on Firefox security and the add-on submission process, check out the following Mozilla resources:
- The Add-on Review Process and You (Mozilla Add-ons Blog)
- Security best practices in extensions (Mozilla Developer Center)
- Sandbox Review System (Mozilla Add-ons for Firefox)
- Add-on Policies (Mozilla Add-on Developer Hub)
- Review Process (Mozilla Add-on Developer Hub)
- Add-on Submission (Mozilla Add-on Developer Hub)
- Code Validation Tool (Mozilla Add-on Developer Hub)
- Validation Help (Mozilla Add-ons for Firefox)
For the latest TR Dojo lessons, sign up for one or more of the following: