Millions of Mozilla Users Under New Dangerous Threat

  • Saad Qureshi
  • Apr-06-2016

Millions of Mozilla users around the globe are worried by a latest frightening Mozilla Add-on exploit. The new threat has put NoScript, Firebug and more popular Firefox add-on into risk. These add-ons are claimed to be putting users under risky cyber attack, where malicious code is executed to steal sensitive information from the system.

How The Malicious Add-on Works

The add-on threat has made its way to users, due to lack of isolation among numerous Mozilla add-ons installed on the system. However, the flaw in Mozilla security is termed as an Extension Reuse Vulnerability. This is due to the ability of hacker add-on to cover up its malicious activities by intruding into capabilities of other add-ons. Instead of making Mozilla to visit vulnerable websites, the  malicious add-on in first place exploits vulnerabilities in installed 3rd party  add-ons.

Safe Add-ons

While majority of the 3rd party add-ons are prone to Extension Reuse Vulnerability, there are top 10 safe and protected add-ons , ensured by Mozilla for their ultimate protection. These add-ons are available to download from Mozilla website. The Ad block Plus proved to posses no flaws and weaknesses that could be exploited. Other reliable and protected add-ons include:

  • Video Download Helper.
  • Firebug, Grease Monkey.
  • Flash Got Mass Down.

All the rest add-ons are found to contain bugs in code that make vulnerable add-ons to execute malicious code. Even more, these add-ons can exploit browser cookies, gain access to files in the  system, open infected websites of hacker’s will.

Analysis of The Top 10 Mozilla Add-Ons

Upon analysis of the top 10 Mozilla Add-ons, we found unique results for each add-on. User may have perception of individual add-on security by analyzing following results:

Millions of Mozilla Users Under New Dangerous Threat

Mechanism of The Attacker Add-on

In majority of victimized systems, a single 3rd party add-on is downloaded, that is equipped with all functionalities which attacker add-on needs to make system visit malicious website. While in other cases, the attacker add-on pushed an installed 3rd party add-on to download a malicious file and infected another 3rd-party add-on to execute it.

However, users may use a safe add-ons like Ad blocker Plus and a VPN to get protected. As firewalls and anti-virus software mostly protect data resided on computer. A VPN keep user anonymous over internet, and the Ad Blocker Plus will stop the 3rd party adds to track your activities. However, user should hold back to download un trusted 3rd party add-ons, as they are the source of destruction.

Saad Qureshi

Saad Qureshi


Saad Qureshi's Biography :

Saad is a privacy advocate by day and a Dota 2 player by night. He loves to share his knowledge, experience, and insights about internet freedom and online privacy. When he is not busy blogging about the latest trend in the tech world, he is engaged in killing noobs on Dota.