Extensions at War

Oh yes, the digital battlefield is taking unusual shapes. The latest manifestation of cyber warfare is a conflict between the Adblock Plus and NoScript extensions. The story goes that NoScript used some JavaScript tactics and, of course, some obfuscation in order to cripple Adblock Plus functionality. This attack was a response to Adblock Plus blocking the NoScript ads that you see when you upgrade the extension, which, as you know, happens quite regularly; I don’t know why. [...]


Firefox Malware

You may have already heard of this, but there is malware going around disguised as a Firefox extension. I have no details regarding the malicious code but, to be honest, I am not surprised at all. In fact, I wonder why it took so long for the bad guys to figure out that Firefox is an excellent malware delivery platform. Usually they are quicker.

A couple of months back, just before my BlackHat talk, I was planning to launch yet another of my experiments. [...]


Web Mayhem: Firefox’s JAR: Protocol issues

One of the things that we enjoy the most here at GNUCITIZEN is finding issues in features. Unlike bugs, insecure features tend to be more severe and usually last longer, due to the uneasy and rather long decision-making process on whether the feature should be continued or discontinued once and for all. In my previous post I outlined some of my concerns about the data: protocol. Today, I would like to draw your attention to the insecurities that come with my personal favorite: jar:. [...]


0DAY: QuickTime pwns Firefox

It seems that QuickTime media formats can cause Firefox to misbehave. This vulnerability can lead to full compromise of the browser.

Before we move on, I have to say a few things. Last year I disclosed two QuickTime vulnerabilities here and here. The first vulnerability was fixed but the second one was completely ignored. I tried to bring the spotlight onto the second vulnerability one more time over here without much success. [...]


HScan Redux

Inspired by Michal Zalewski’s recent Firefox bug hunt, I decided to give it a go and see what I can come up with. We all know how vulnerable Firefox and other browsers are. This is the reason why I am not particularly interested in finding specific browser bugs.

This vulnerability is not a reworked version of Jeremiah Grossman’s history hack. It is completely different and it should be treated as a new issue. [...]



Technika is a general-purpose scripting platform for Firefox. It acts like a standard OS shell scripting environment. You can script everything from the currently viewed page, just like Greasemonkey, and everything in the chrome, just like any browser extension, but without the need to restart the browser every time you make a change. The platform will be used as a base component for other projects, such as TSF (Technika Security Framework) and the AttackAPI browser extension. [...]


Fex – enables Firefox Extension Scanner

A couple of days ago RSnake presented a really nice POC on how to detect Firefox extensions using JavaScript and Image tags. This definitely goes into AttackAPI as soon as I finish working on my other projects. Meanwhile, here is a simple (well, maybe not that simple) bash script that goes through the newest, updated and popular Firefox extension feeds and constructs appropriate signatures in comma-separated format.

The script can be downloaded from here. [...]
