Multiple of the most popular Firefox extensions include available Vulnerabilities
Security researchers found that NoScript, Firebug, Video DownloadHelper, Greasemonkey, FlashGot Mass Down, and other most popular Firefox extensions (except Adblock Plus) all contain available vulnerabilities, extensions developed by attackers can call other extensions to hide malicious behaviors and reduce the probability of being discovered. The vulnerability is related to Firefox's extension architecture's lack of isolation extensions. It allows all JavaScript extensions to share the same JavaScript namespace, and the shared namespace allows other extensions to read and write global variables defined by other extensions, call or override other global functions to modify the instantiated object. Attackers can trick users into installing malicious extensions. Then, malicious extensions can steal cookies, control or access file systems by calling other popular extensions installed in browsers, or open the URL selected by the attacker. The concept verification prototype developed by the researchers has also passed Mozilla's review. The vice president of Firefox products said in a statement that its new extended API WebExtensions provides better security features.
This article permanently updates the link address: