Mozilla enjoys a large development community to build add-ons for its Firefox browser. Now it seems all that development might not be a good thing. A security researcher in Indiana has found that the process used to update some of these add-ons automatically appears to be flawed, allowing criminal hackers to intercept the browser's call to the developer to see if there's a new version available. Worse, the most vulnerable add-ons aren't from vendors you've never heard of; they include brand-name sites like Google, Yahoo, Facebook, and LinkedIn.
Extensions for Firefox contain hard-coded Internet addresses for … Read more