While everyone claims that Firefox is easily more secure that IE7, they are probably only taking the browser in general into consideration. The fact alone that Firefox is more secure than IE7 has lead to many people converting over to the fox. But what about extensions and add-ons. If Firefox is a secure browser, then that must mean the add-ons for it are as well, right? Wrong. Here’s an interesting article stating why. While it does have some good information, I would recommend actually checking out Christopher Soghoian’s actual blog about this, for it has some information not covered in the article that is pretty important.

A security weakness in the update mechanism for third-party add-ons to the Firefox browser could give an attacker the ability to exploit unsecured downloads and install malicious code on the victim’s computer, a security researcher warned on Wednesday.

he vulnerability affects any third-party add-ons that use an unsecured download site as part of the update process, according to Indiana University graduate student Christopher Soghoian, who released an advisory on the issue Wednesday. While using the standard secure communications protocol available in major browsers, known as secure sockets layer (SSL) encryption, could prevent the attacks, many major companies — such as Google, Yahoo, Facebook, LinkedIn, and AOL — failed to do so, Soghoian said.[more]

Tags: Malware