Zero-Day Vulnerabilities In Firefox Extensions

An anonymous reader writes "Researchers have found several security holes in popular Firefox extensions that have an estimated total of 30 million downloads from AMO (the Addons Mozilla community site). Three 0-days were also released. Mozilla doesn't have a security model for extensions and Firefox fully trusts the code of the extensions. There are no security boundaries between extensions and, to make things even worse, an extension can silently modify another extension." The affected extensions are Sage version 1.4.3, InfoRSS 1.1.4.2, and Yoono 6.1.1 (and earlier versions). Clearly the problem is larger than just these three extensions.

Re:Yep that's why I avoid extensions

[sopssa]

You cant do the same kind of URL filtering on DNS level since the only thing you can filter is the domain/subdomain part. Theres lots of cases where you need to be able to filter more specifically (like if the website is hosting the ads itself, or just to make some more general rules), and Opera+Ad Muncher is perfect for that.

Re:Yep that's why I avoid extensions

[sopssa]

Yeah sure. I have been using Ad Muncher for years and can recommend it as a great piece of software for what I have commented. But since I have an partner account with them already, I can just use that on my links. But if you are really worried about that, just go to www.admuncher.com directly - its the same price.