Sunday, May 08, 2005

Firefox 1.0.3 Extension Vulnerability

Apparently the good folks over at FrSIRT have found a way to trick your beloved Firefox into installing an extension, bypassing the regular security measures using JavaScript. Your options at this point seem to be, disabling JavaScript, or my preference, disable the "Allow web sites to install software" option, by going to Tools -> Options -> Web Features (windows). UPDATEMozilla Security has posted their work-around and comments that they've patched their servers to prevent the exploit

I guess it happens to everyone, and I think the incidents of major flaws being discovered in "alternative" computer choices will be on the rise as more and more people begin to make the switch from the Wintel mindset. Unfortunately, as more people begin to see the benefits of having control over their computers with programs like Firefox, and it's numerous extensions, hackers will being to pick them apart. No code is perfect.