Re: [Full-disclosure] FFSpy, a firefox malware PoC



Are we missing DNS stuff? Are plugins signed? Is NoScript being used by
end users?
Maybe an evilgrade plugin is coming....

[]s Fosforo

On Mon, May 25, 2009 at 3:24 PM, FUDder Guy <fudderguy@xxxxxxxxx> wrote:

On Mon, May 25, 2009 at 8:26 PM, saphex <saphex@xxxxxxxxx> wrote:
This isn't about making the user install a malware add-on. It's about
gaining access to the system through an exploit, or physical access,
modify an existing add-on with your code. And Firefox won't even
notice. Instead of installing a fancy rootkit or keylogger, just go
straight to the browser, simple. Go tell your average user to check
the codebase of the plug-ins he has installed in his Firefox from time
to time in order to make sure they haven't been tampered with, yeah
good choice...........


I agree that attacking Firefox is a simpler way to carry out the
attack than installing a rootkit or keylogger. However, this is no
simpler than asking someone to download a cool game, script or
screensaver from my site.

Moreover, only addons.mozilla.org and update.mozilla.org are set as
allowed sites for addon installations by default in the browser. If
one tries to install addons from another site, Firefox issues a warning.
So, this is pretty good. As far as the possibility of a malicious addon
on the Mozilla site is concerned, the probability is pretty low as the
addons on the Mozilla site appear for download only after a review
process.

So, I don't see this type of attack as particularly more dangerous than a
user downloading software or a script with a trojan and running it. I
also don't see this type of attack as any simpler than fooling a user into
running a cool game or script.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
