Roberto Suggi Liverani and Nick Freeman, security consultants with security-assessm (http://security-assessment.com/)ent.com (http://security-assessment.com/) have discovered that poorly-written Firefox extensions can be exploited to install malware on a victim’s computer. It seems Mozilla does not have any security requirements for extensions. That’s a problem, as their flagship Web browser Firefox implicitly trusts extension software. I first learned about the problem when I read the two researchers’ Defcon 17 presentation, “Abusing Firefox Extensions (http://security-assessment.com/files/presentations/liverani_freeman_abusing_firefox_extensions_defcon17.pdf)” (pdf). The possibility of vulnerabilities in extensions concerned me, having just finished the article, “10 Firefox extensions that enhance security (http://blogs.techrepublic.com.com/10things/?p=1160&tag=content;col1)“. I certainly did not want to promote extensions that are vulnerable.

To the best of my knowledge, the extensions in my article are not buggy. Because I am in the process of writing an article with 10 more security extensions, I will be checking with Mr. Suggi Liverani and Mr. Freeman to make sure all the extensions I refer are beyond reproach.http://blogs.techrepublic.com.com/security/?p=2710&tag=rightCol;topRated