Full Disclosure mailing list archives
Re: FFSpy, a firefox malware PoC
From: FUDder Guy <fudderguy () gmail com>
Date: Mon, 25 May 2009 23:54:55 +0530
On Mon, May 25, 2009 at 8:26 PM, saphex <saphex () gmail com> wrote:
This isn't about making the user install a malware add-on. It's about gaining access to the system trough an exploit, or physical access, modify an existing add-on with your code. And Firefox wont even notice. Instead of installing a fancy rootkit or keylogger, just go straight to the browser, simple. Go tell your average user to check the codebase of the plug-ins he has installed in is Firefox from time to time in order to make sure they haven't been tampered with, yeah good choice...........
I agree that attacking Firefox is a simpler way to carry out the attack than installing rootkit or keylogger. However, this is no simpler than asking someone to download a cool game, script of screensaver from my site. Moreover, only addons.mozilla.org and update.mozilla.org are set as allowed sites for addon installations by default in the browser. If one tries to install addons from other site, Firefox issues a warning. So, this is pretty good. As far as the possibility of malicious addon on Mozilla site is concerened, the probability is pretty low as the addons on the Mozilla site appear for download only after a review process. So, I don't see this type of attack particularly more dangerous than a user downloading a software or script with trojan and running it. I also don't see this type of attack any simpler than fooling a user to run a cool game or script. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FFSpy, a firefox malware PoC saphex (May 19)
- Re: FFSpy, a firefox malware PoC Shell Code (May 25)
- Re: FFSpy, a firefox malware PoC James Matthews (May 26)
- Message not available
- Message not available
- Re: FFSpy, a firefox malware PoC Shell Code (May 26)
- Re: FFSpy, a firefox malware PoC David Blanc (May 26)
- Re: FFSpy, a firefox malware PoC saphex (May 26)
- Re: FFSpy, a firefox malware PoC saphex (May 26)
- Message not available
- Re: FFSpy, a firefox malware PoC Shell Code (May 25)
- <Possible follow-ups>
- Re: FFSpy, a firefox malware PoC FUDder Guy (May 25)
- Message not available
- Re: FFSpy, a firefox malware PoC FUDder Guy (May 25)
- Re: FFSpy, a firefox malware PoC Fosforo (May 25)
- Message not available