Firefox Security Issue
May 9, 2005
We all knew it wouldn’t take terribly long for malware authors to start targeting Firefox.
The bad news is that it’s happened.
The good news is that it’s easy to protect yourself.
In short, malware authors have figured out a way for scripts to fake being from a domain on the list of “sites allowed to install software”—the sites where you might have installed an extension.
To solve this, go to the Firefox Preferences dialog (in Mac OS X) or the Tools Options dialog (in Windows) and select Web Features. Click where it says “Allowed Sites” and then click “Remove All Sites”, and then “OK”.
This should protect you from the problem; you can always add a site back in when you want to install (or update) an extension, and remove it again afterwards. The sites serving extensions are currently adding fixes to solve this problem from the server side also, but in the meantime, protect yourself.