CoolPreviews Vulnerability

General discussion about the NoScript extension for Firefox
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

CoolPreviews Vulnerability

Post by Alan Baxter »

http://blog.mozilla.com/addons/2010/07/ ... ouncement/
Add-on security vulnerability announcement
One malicious add-on and another add-on with a serious security vulnerability were discovered recently on the Mozilla Add-ons site. Both issues have been dealt with, and the details are described below....
Mozilla Sniffer ...
CoolPreviews ...
The blog describes the vulnerability in CoolPreviews as:
A security escalation vulnerability was discovered in version 3.0.1 of the CoolPreviews add-on. The vulnerability can be triggered using a specially crafted hyperlink. If the user hovers the cursor over this link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer.
Would NoScript block "the remote JavaScript code" attempting to run "with local chrome privileges"?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: CoolPreviews Vulnerability

Post by Giorgio Maone »

Alan Baxter wrote: Would NoScript block "the remote JavaScript code" attempting to run "with local chrome privileges"?
Nope. As far as I can tell, the vulnerable Cooliris Preview version takes it from the link and injects it in chrome context. Therefore NoScript has no chance to tell it came from an untrusted web page.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: CoolPreviews Vulnerability

Post by Alan Baxter »

Thanks for the info, Giorgio. I don't use CoolPreviews and was just curious, but the info may be useful to any NoScript user who may have used it.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6