Securing firefox: regular hash checks on preinstalled addons

A simple addon could do this automatically very quickly and easily, by down=
loading the latest addons at semi random intervals, and comparing hashes; i=
f the hashes are not already available on firefoxes own addons page.

Today I had noticed the user interface in disconnect totally changed in my =
firefox browser. It had a clean vertical column listing only google, facebo=
ok, twitter, and a few other websites; Each was like a rectangular button. =
Nothing else was visible. It was completely different than the original. I =
should have took a screenshot and backed up the extension but failed to do =
so. I uninstalled the addon and re-installed it from firefox's website; The=
 UI immediately went back to normal. I confirm signature checks were in fac=
t enabled. I'm curious what kind of security firefox implements. I know its=
 supposed to only allow signed addons, but does it go one step further and =
do regular hash checks to ensure it has not been modified or replaced with =
malware? I believe this will be a necessary step in order to mitigate again=
st many zero day threats or vulnerabilities within browser signature verifi=
cation systems.
0
Raven
5/28/2018 4:29:50 AM
mozilla.dev.security 649 articles. 0 followers. Post Follow

0 Replies
187 Views

Similar Articles

[PageSpeed] 46

Reply: