Extensions that auto-update? Yeah, there could be a threat there and we aren’t sure when a fix is coming.
This is actually a threat that I had considered once or twice before – but it seems like it is getting a little more “conversation” around the Web this time around. For the best description on what this security hole is all about – lets turn to CyberNet News.
So what’s the problem? When using an extension in Firefox it frequently checks to see if there is a more updated version available, and Firefox will notify the user whether they are running the latest version. Normally the user will agree to the update and proceed with their normal browsing activities, but there could be more going on behind the scenes than the user is actually aware of.
Looks like Firefox isn’t looking to fix this yet till version 3 of the browser rolls out. Folks like Google though have promised to fix any issues with their extensions as soon as they can. All we can hope is that others will follow suit.