An article has been released about insecure plug-ins for Mozilla’s Firefox internet browser. A security researcher, Christopher Soghoian, warned Firefox users that updates on third-party add-ons are not safe. The flaw affects all third-party add-ons.

Even if the company uses SSL, which stands for secure sockets layer, there is no guarantee that a user’s PC will not receive a malicious code installed.

In an interview with SecurityFocus, Soghoian said, “Many companies have world-class in-house security teams, so their worst sin is not consulting their own experts, who would have undoubtedly shot down any attempt to update code over an insecure and untrustworthy connection.”

He used a network sniffer to test whether the extensions use secured updates and he found that they use a plain HTTP packets.

Source: The Register