Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Search the Community

Showing results for tags 'noscript'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • The General Stuff
    • Announcements
    • Introduce Yourself!
    • General Discussion
  • Microsoft Software Products
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Server 2008/2012/2016
    • Older Windows NT-Family OSes
    • Windows 9x/ME
    • Other Microsoft Products
  • Unattended Windows Discussion & Support
    • Unattended Windows
    • Other Unattended Projects
  • Member Contributed Projects
    • Nuhi Utilities
    • Member Projects
    • Other Member Contributed Projects
    • Windows Updates Downloader
  • Software, Hardware, Media and Games
    • Forum Categories
    • Mobile Devices
  • Customizing Windows and Graphics
    • Customizing Windows
    • Customizing Graphics
  • Coding, Scripting and Servers
    • Web Development (HTML, Java, PHP, ASP, XML, etc.)
    • Programming (C++, Delphi, VB/VBS, CMD/batch, etc.)
    • Server - Side Help (IIS, Apache, etc.)

Calendars

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype

Found 1 result

  1. NoScript, Firebug, and other popular Firefox add-on extensions are opening millions of end users to a new type of attack that can surreptitiously execute malicious code and steal sensitive data, a team of researchers reported. The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Of the top 10 most popular add-ons vetted by Mozilla officials and made available on the Mozilla website, only Adblock Plus was found to contain no flaws that could be exploited by a malicious add-on that relied on reuse vulnerabilities. Besides NoScript, Video DownloadHelper, Firebug, Greasemonkey, and FlashGot Mass Down all contained bugs that made it possible for the malicious add-on to execute malicious code. Many of those apps, and many others analyzed in the study, also made it possible to steal browser cookies, control or access a computer's file system, or to open webpages to sites of an attacker's choosing. Via ArsTechnica
×