On Sun, 10 Apr 2016 16:12:45 -0500 Joe Btfsplk <[email protected]> wrote:
> On 4/10/2016 5:36 AM, jb wrote: > > Tor Browser users: > > > > NoScript and other popular Firefox add-ons open millions to new > > attack > > http://arstechnica.com/security/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/ > > > > TB supplies default extensions, from which two are TB project's own > > and should be subjected to an extension review process like those > > vetted by Mozilla. > > > > The researchers provide a CROSSFIRE tool to analyze them. > > Google search: > > CrossFire: An Analysis of Firefox Extension-Reuse > > > > Of course, one more reason to be careful about using add-ons in TB. > > jb > > > From same page: > "Nine of the top 10 most popular Firefox add-ons contain exploitable > vulnerabilities." translation : mozilla's 'sandboxing' system is a piece of shit and/or purposely sabotaged. > "Besides NoScript, Video DownloadHelper, Firebug, Greasemonkey, and > FlashGot Mass Down all contained bugs that made it possible for the > malicious add-on to execute malicious code. Many of those apps, and > many others analyzed in the study, also made it possible to steal > browser cookies, control or access a computer's file system, or to > open webpages to sites of an attacker's choosing." -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
