Candid Wueest Symantec
Elia Florio Italian Data Protection Authority
download slides (PDF)
Firefox is a very popular browser. Its open designed framework makes it easy to extend the functionality either by changing the core code directly or by creating extension plug-ins that work on multiple OSs.
As with browser helper objects for Internet Explorer, Firefox extensions can also be misused to carry out malicious actions on the user's computer.
Any installed extension has the same full rights as the browser itself and therefore can do a lot more than just display web pages. This includes accessing the file system in write mode, opening new network sockets and creating new processes.
This leads to a variety of security problems that can introduce or hide malicious code on a system. There have already been a number of cases where malware dropped malicious extensions or harmless extensions downloaded malicious code and the numbers are increasing. Even full backdoor trojans are possible this way. Furthermore, badly written extensions can be exploited through web pages.
This paper will highlight the security concerns with Firefox extensions and will show the tricks that Firefox malware uses today.