DEFCON 17: Abusing Firefox Addons





The interactive transcript could not be loaded.



Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jan 16, 2011

Roberto Suggi Liverani Senior Security Consultant, Security-Assessment.com
Nick Freeman Security Consultant, Security-Assessment.com

Hundreds of Firefox addons are created every week. Millions of users download them. Some addons are even recommended by the Mozilla community, and users implicitly trust them. We don't trust a single one, and we will show you why.

This talk details how we have abused some of the most popular and recommended Firefox addons, with previously unreleased vulnerabilities. From the Mozilla download statistics, over 15 million users are potentially affected. Demos will cover remote code execution, local file disclosure and other tailored Firefox Addon exploits.

Don't panic - the Addons manager can be found under the 'Tools' tab in your Firefox menu. We expect to see a lot of people clicking the "Uninstall" button after this presentation.

For more information visit: http://bit.ly/defcon17_information

To download the video visit: http://bit.ly/defcon17_videos


When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to

Loading playlists...