Which Web browser do you use? A lot of you are using Internet Explorer, Google Chrome, or even the new Microsoft Edge. There's also a good chance you're using Mozilla Firefox. Tens of millions of people use it to search the Web. Even if it's not your everyday, go-to browser, you might occasionally use it for its best features.
It's fast, secure and for a lot of people, it has the best browser extensions. As it turns out, though, it also has 2,000 or more security holes that can lead to your Windows PC or Mac being infected with malware. Worse, the malware lets hackers take over your PC or Mac.
The problem involves those extensions (or add-ons or plug-ins), which let you customize your Internet experience. For example, you might have an add-on like PepFeed, which alerts you if you're shopping and it finds better deals on other sites.
The way the malware gets into Firefox extensions is uncomfortably simple. A hacker creates an extension that looks like it'll be used for a good purpose.
Then it slips right past Mozilla's vetting process, according to researchers at Northeastern University. Or, some extensions are created using an old platform. The bogus extension then infects legitimate extensions with the malware. The findings were recently presented at the Black Hat Asia conference.
There's some good news here. Firefox is aware of the problem and will start implementing a fix. "The method described relies on a popular add-on that is vulnerable to be installed, and then for the add-on that takes advantage of that vulnerability to also be installed," a Firefox representative said. Firefox said it will soon start sandboxing Firefox extensions, meaning the extensions won't be able to share code.