[<prev] [next>] [day] [month] [year] [list]
Message-ID: <470c0800905250219n6798c6f1u74af49cb7c02edd3@mail.gmail.com>
Date: Mon, 25 May 2009 14:49:20 +0530
From: FUDder Guy <fudderguy@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: FFSpy, a firefox malware PoC
> From: saphex <saphex_at_gmail.com>
> Date: Wed, 20 May 2009 01:42:16 +0100
>
> I think this is interesting, http://myf00.net/?p=18
>
So, how does someone manage to edit the overlay file?
Are they going to use some javascript from a malicious website to edit
the overlay file of an addon? Or are they supplying a malware addon as
a normal addon in the firefox addon download page? Or is the attacker
manually editing the addon on another user’s system by gaining access
to that system?
I don’t see any point in this. It is as good as some person taking
some code from somewhere, editing it with some malware code and
resuppplying it and saying “hey, I am not a verified author. you can
now download and install my malware addon”.
Any code out there can have mal addon. I doubt there is anything
special in this. If it is open source, it is the user’s job to check
the codebase for such malicious code.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists