Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can Mozilla-Based Browsers be Hijacked?

Posted by Cliff on from the any-exploits-out-there dept.

Chibi Merrow asks: "Matt Hartley in his latest GnomeReport speaks of supposed browser hijacker programs that are now targeting Mozilla FireFox instead of IE. While this is in a way cool (since that means the browser's now considered mainstream), it's also hard to believe. It doesn't help that his article is very light on details. Now there have been some discussion about spyware masquerading as valid extensions; but they require user intervention to install. Most people think of a browser hijack as something that automatically installs itself. Has anyone ever encountered an actual self installing browser hijacker/spyware program that has targeted Mozilla Firefox, or is this a bunch of FUD?"

4 of 102 comments (clear)

  1. What's really funny.... by Fuzzle · · Score: 2, Interesting

    Is that I submitted a story about a website trying to install mal-ware through Mozilla 2 months ago, and it never got published. While I'm not trying to bitch about the editors, because it probably didn't seem that important, it's hilarious that now because someone has written "an article", which appears to be rambling, it's a large issue. Oh bla di.

  2. Re:IE is part of Windows by sql*kitten · · Score: 3, Interesting

    it uses Windows' SSL whereas Mozilla has its own SSL

    Actually, this is exactly contrary to SSL philosophy. When asked "why doesn't SSL/SSH do such-and-such", developers reply that they want to concentrate on the crypto layer and other applications can use that layer to provide their own services (for example, sftp is layered on top of ssh, VNC uses ssh to provide its crypto, etc). So, there's one crypto system to maintain and patch, not two or even n.

    It's Unix philosphy too, building useful things from small tools that do one thing well. The Mozilla people lost sight of that pure vision LONG ago, and reimplemented everything from scratch. Kinda missing the point of libraries altogether.

  3. OS dependancy? by polyp2000 · · Score: 2, Interesting

    Im sure if one hacks around hard enough a security hole can be found in any browser. I'd like to hope the non-bloat nature of Mozilla and its open-source goodness would ensure to an extent that its inherently very secure, and that potential holes are fixed rapidly. However I think that one also has to take into account the operating system the browser is running on and whether any Mozilla exploits are dangerous accross different platforms. My guess is that though Mozilla is enjoying a good market share at the moment, any exploits that may arise are going to target the operating system, in most cases that will be Windows. Its pretty dificult to run arbitrary code on linux or OSX without being very stupid.

    Even so, using Mozilla on windows is a sensible thing to do from a security perspective since it provides another layer of security. IE, is so tied into the OS in this regard, but Mozilla is more of a seperate entity.

    nick ..

    --
    Electronic Music Made Using Linux http://soundcloud.com/polyp
  4. I've seen it by alatesystems · · Score: 2, Interesting

    I saw one xpi try to install on cracks.am. I was happy and mad at the same time. It's mainstream!!!

    Chris