A security researcher has found a remote vulnerability in the upgrade mechanism of the Firefox extensions for Google Toolbar and Google Browser Sync that could allow a man-in-the-middle attack and the covert installation of malicious software.

Christopher Soghoian, a graduate student at Indiana University's School of Informatics, discovered that an attacker can silently slip malicious software onto computers via an upgrade mechanism flaw in the latest versions of highly popular Firefox extensions, including Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar and PhishTank SiteChecker.

eWeek Security