Friday, November 20, 2009

Day Zero vulnerabilities in Firefox Extensions

"Day Zero" means there's a vulnerability, but no fix. The workaround is to disable the extensions. Browser extensions are generally bad security juju because there's little or no security checking on what the extension does. The code is essentially allowed to do anything the browser can do.

Three extensions are vulnerable:
  • Sage version 1.4.3
  • InfoRSS 1.1.4.2
  • Yoono 6.1.1 (and earlier versions)
Go to Tools -> Add Ons -> Extensions to see if you have any of these.

No comments: