Exploiting Firefox Extensions

Firefox extensions are popular, well-established and used by millions of people around the world. Some of these extensions are recommended by the Mozilla community, and are implicitly trusted by the masses. Little is known about Firefox extensions from a security perspective and our research intends to fill this gap.

The talk is divided into two parts: theory and practice. First, the security model of Firefox extensions will be explored and a security testing methodology will be presented. Next, it will be illustrated how to apply the theory and how severe vulnerabilities were discovered in the most popular and recommended Firefox extensions. Examples of exploits will also be demonstrated.

After this talk, attendees will have gained a better understanding of the security implications, threats and risks of using and deploying Firefox extensions. Security professionals and auditors will be able to use our material as a security testing framework when auditing Firefox extensions.