| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 May 2009 14:49:20 +0530 From: FUDder Guy <fudderguy@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: FFSpy, a firefox malware PoC > From: saphex <saphex_at_gmail.com> > Date: Wed, 20 May 2009 01:42:16 +0100 > > I think this is interesting, http://myf00.net/?p=18 > So, how does someone manage to edit the overlay file? Are they going to use some javascript from a malicious website to edit the overlay file of an addon? Or are they supplying a malware addon as a normal addon in the firefox addon download page? Or is the attacker manually editing the addon on another user’s system by gaining access to that system? I don’t see any point in this. It is as good as some person taking some code from somewhere, editing it with some malware code and resuppplying it and saying “hey, I am not a verified author. you can now download and install my malware addon”. Any code out there can have mal addon. I doubt there is anything special in this. If it is open source, it is the user’s job to check the codebase for such malicious code. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists