Motanul.Incaltat Posted February 26, 2013 Report Posted February 26, 2013 http://packetstorm.igor.onlinedirect.bg/papers/general/Abusing_Exploiting_and_Pwning_with_Firefox_Add-ons_final_dec.pdfThis paper discuss about a number of ways through which hackers can use Mozilla Firefox as a platform to run there malicious piece of code with all the privileges and features as that supported by any native programming languages. Also there is an advantage that these malicious codes remain stealthy and undetected against anti-virus solutions. Malicious Firefox add-ons can be coded to serve this purpose. Mozilla Firefox Browser Engine acts just like a compiler or interpreter to execute your codes without much security concerns. The coding technologies for add-on development can be abused and exploited to create malicious add-ons. This paper explains how Firefox’s insecure policies and add-on development technologies like JavaScript, CORS, Web Socket, XPCOM and XPConnect can be abused by a hacker for malicious purposes... Quote
