JeffreyBarke.net

This is an interesting (but older) piece of news: "Malware writers are taking advantage of a Firefox mechanism that allows extensions to be loaded invisibly to the user, Symantec has warned."

Candid Wüest, a senior engineer at Symantec, writes that malicious add-ons can be silently installed in the Firefox components directory. Any add-on in the components directory will automatically load with the browser and not show up in the add-ons window, meaning users will most likely not be aware that it has been added or see a way to remove the add-on.

Access to the components directory has been removed in Firefox 3.6, making it more difficult to create stealthy mal-extensions. To review all extensions actually installed in their browser, users can check the following directories.

On Windows:

• %UserProfile%\Application Data\Mozilla\ Firefox\Profiles\[RANDOM].default\extensions
• %ProgramFiles%\Mozilla Firefox\extensions

On Mac OS X:

• /Library/Application Support/Mozilla/Extensions
• ~/Library/Application Support/Firefox/Profiles/[RANDOM].default/extensions/

Each add-on will have its own subdirectory in the extensions directory. Since many add-ons are identified by a GUID instead of the add-on name, I started to compile a list of add-on GUIDs and names at http://jeffreybarke.net/2010/04/firefox-add-on-guid-guide/.

For a lot more good information about Firefox and malicious add-ons, check out "Firefox and Malware: When Browsers Attack" [PDF, 1.4 MB] by Wüest and Elia Floria. It describes "a number of malicious extensions that carry out activities such as logging and forwarding all form submissions that include a password field, or forwarding all URLs visited."

Sources and links to more information

Information originally from Haking9 Vol. 5, No. 2, pg. 8.

• Bugzilla@Mozilla: Bug 519357: Only load known components from app directory
• ID Theft Protect: Firefox blocks rogue add-ons apps
• iTWire: Beware Firefox mal-extensions, warns Symantec
• Mozilla Security Blog: Component Directory Lockdown – New in Firefox 3.6

Below is a (very) partial list of Firefox add-on GUIDs and names. I compiled it from add-ons I currently have installed.

After learning about the potential silent install of malware add-ons, I became interested in what add-ons I actually had installed in my browser. Please add more GUIDs and names in the comments; once I confirm them, I will integrate them with this article. Thanks!

000a9d1c-beef-4f90-9363-039d445309b8

Google Gears

02450954-cdd9-410f-b1da-db804e18c671

Screengrab

3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37

Dust-Me Selectors

75CEEE46-9B64-46f8-94BF-54012DE155F0

MeasureIt

8f8fe09b-0bd3-4470-bc1b-8cad42b8203a

Live HTTP Headers

95C9A302-8557-4052-91B7-2BB6BA33C885

Operator

c45c406e-ab73-11d8-be73-000a95be3b12

Web Developer

d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d

Adblock Plus

e0204bd5-9d31-402b-a99d-a6aa8ffebdca

Torbutton

e3f6c2cc-d8db-498c-af6c-499fb211db9

Page Speed

e4a8a97b-f2ed-450b-b12d-ee082ba24781

Greasemonkey

e968fc70-8f95-4ab9-9e79-304de2a71ee1

User Agent Switcher

Notes and links from last night's Google I/O review at the New York Web Standards Meetup Group. Thanks to everyone who made it!

Note—There's a "curated" selection of Google I/O videos on this blog tagged io2008.

PowerPoint presentation

Demos/tutorials

• Gears
• Google AJAX Feed API

As Jan Odvarko notes, "I was surprised how many Firebug extensions … exist out there." Check out his list of 12 extensions at http://www.softwareishard.com/blog/firebug/list-of-firebug-extensions/. All extensions include a brief summary of what they do, a screen capture and a link to the download page.

Two that I use are YSlow and Odvarko's own Firecookie.. YSlow analyzes Web pages and determines why they're slow based on Yahoo's rules for high performance web sites. Firecookie makes it possible to view and manage cookies within the familiar Firebug UI.