Can browser extension have security vulnerabilities?


patrik025

patrik025

Well-known member
Local time
5:36 AM
Posts
31
OS
Windows 11 Pro 64-bit
I have installed over 20 discontinued Firefox extensions, so can they have exploits?
 
Windows Build/Version
Windows 11 22621.1192

My Computer

System One

  • OS
    Windows 11 Pro 64-bit
    Computer type
    PC/Desktop
    Manufacturer/Model
    MSI
    CPU
    AMD A10-7860K
    Motherboard
    MSI A88XM-E35 V2
    Memory
    DDR3 16GB
    Graphics Card(s)
    AMD Radeon R7 Graphics (IGD)
    Sound Card
    AMD High Definition Audio Device
    Monitor(s) Displays
    Samsung LU28R55
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 870 QVO 2TB (SSD)
    WDC WD40EFAX-68JH4N1 4TB (HDD)
    Cooling
    Active cooling (Fan)
    Keyboard
    Connect IT NEO
    Mouse
    Rapture Cobra
    Browser
    Firefox & Microsoft Edge (dualistic)
    Antivirus
    Avira Free Security
Quick answer... technically YES
 

My Computers

System One System Two

  • OS
    Windows 11 Pro β
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion Laptop 15-eg0070wm
    CPU
    Intel® Core™ i7-1165G7
    Memory
    32 GB DDR4-3200 SDRAM
    Graphics Card(s)
    Intel® Iris® Xᵉ Graphics
    Screen Resolution
    1920x1080
    Hard Drives
    2TB PCIe® NVMe™ M.2 SSD
  • Operating System
    macOS Ventura
    Computer type
    PC/Desktop
    Manufacturer/Model
    Apple iMac 27" 5K (2017)
    CPU
    3.4 GHz Quad-Core Intel Core i5
    Memory
    40 GB 2400 MHz DDR4
    Graphics card(s)
    Radeon Pro 570 4 GB
    Monitor(s) Displays
    27" 5K, 34" UW
    Screen Resolution
    Mon 1: 5120 × 2880 Mon 2: 2560 x 1080
    Hard Drives
    32GB NVME, 1TB SSD

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26100.3037 ♦♦♦♦♦♦♦24H2 ♦♦♦non-Insider
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
Actually, ANY software can be affected, even E-Mails.
 

My Computers

System One System Two

  • OS
    Win11 Pro RTM
    Computer type
    Laptop
    Manufacturer/Model
    Dell Vostro 3400
    CPU
    Intel Core i5 11th Gen. 2.40GHz
    Memory
    12GB
    Hard Drives
    256GB SSD NVMe M.2
  • Operating System
    Windows 11 Pro RTM x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Vostro 5890
    CPU
    Intel Core i5 10th Gen. 2.90GHz
    Memory
    16GB
    Graphics card(s)
    Onboard, no VGA, using a DisplayPort-to-VGA adapter
    Monitor(s) Displays
    24" Dell
    Hard Drives
    512GB SSD NVMe, 4TB Seagate HDD
    Browser
    Firefox, Edge
    Antivirus
    Windows Defender/Microsoft Security
patrik025 said:
I have installed over 20 discontinued Firefox extensions, so can they have exploits?
Click to expand...

As everyone has already alluded, yes, they definitely can.

Extensions can be developed by anyone, and although most are safe (if from a reputable source), the developer could code anything into them, if he/she/they wanted.

I personally use none. Simply because I have no need, but I would run the bare minimum number of them if ever necessary. Consider this, the Chrome Store itself, says that only about 75% of it's extensions are trusted as safe. ;)

Best of luck.
 

My Computer

System One

  • OS
    Windows 10 Pro 64-bit 22H2 19045.4046
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell/Vostro 470 (Year 2012)
    CPU
    Intel i7-3770 @ 3.40GHz
    Memory
    8 GB
    Graphics Card(s)
    AMD 7500 Radeon HD Series
    Sound Card
    Realtek Hi-Def Audio
    Monitor(s) Displays
    Dell U2412M
    Hard Drives
    1 TB 7200 HDD
    Keyboard
    Dell/USB
    Mouse
    Dell/USB
    Internet Speed
    100/10
    Browser
    Edge
    Antivirus
    Windows Security/MalwareBytes Premium
If there is code, it can be exploited.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink SEI8
    CPU
    Intel Core i5-8279u
    Motherboard
    AZW SEI
    Memory
    32GB DDR4 2666Mhz
    Graphics Card(s)
    Intel Iris Plus 655
    Sound Card
    Intel SST
    Monitor(s) Displays
    Asus ProArt PA278QV
    Screen Resolution
    2560x1440
    Hard Drives
    512GB NVMe
    PSU
    NA
    Case
    NA
    Cooling
    NA
    Keyboard
    NA
    Mouse
    NA
    Internet Speed
    500/50
    Browser
    Edge
    Antivirus
    Defender
    Other Info
    Mini PC used for testing Windows 11.
  • Operating System
    Windows 10 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Ryzen 9 5900x
    Motherboard
    Asus Rog Strix X570-E Gaming
    Memory
    64GB DDR4-3600
    Graphics card(s)
    EVGA GeForce 3080 FT3 Ultra
    Sound Card
    Onboard
    Monitor(s) Displays
    ASUS TUF Gaming VG27AQ. ASUS ProArt Display PA278QV 27” WQHD
    Screen Resolution
    2560x1440
    Hard Drives
    2TB WD SN850 PCI-E Gen 4 NVMe
    2TB Sandisk Ultra 2.5" SATA SSD
    PSU
    Seasonic Focus 850
    Case
    Fractal Meshify S2 in White
    Cooling
    Dark Rock Pro CPU cooler, 3 x 140mm case fans
    Mouse
    Logitech G9 Laser Mouse
    Keyboard
    Corsiar K65 RGB Lux
    Internet Speed
    500/50
    Browser
    Chrome
    Antivirus
    Defender.
As everyone noted, yes.

If it is digital, it can be hacked.
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    Arctic Liquid Freezer III 420 RGB + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge , Arc
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
Ever since browsers have allowed extension they could be exploited !
 

My Computer

System One

  • OS
    Windows11 23H2 (OS Build 22631.2428)
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP HP ENVY TE01
    CPU
    2.90 gigahertz Intel Core i7-10700
    Motherboard
    Board: HP 8767 A (SMVB)
    Memory
    16214 Megabytes Usable Installed Memor
    Hard Drives
    1511.52 Gigabytes Usable Hard Drive Capacity
    1418.15 Gigabytes Hard Drive Free Space
    Keyboard
    Logitech wireless
    Mouse
    M 185 wireless
    Internet Speed
    12 ms Jitter 8 ms Download 10.5 Mbps Upload 1.7
    Browser
    Edge & FF
    Antivirus
    Windows Defender
Extensions are the easiest way to exploit anything online.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 9 3900X
    Motherboard
    MSI MPG Gaming Edge Wifi (X570)
    Memory
    32GB Adata XPG DDR4
    Graphics Card(s)
    ASUS GTX 1070 8GB ROG
    Monitor(s) Displays
    LG Ultrawide 34"
    Screen Resolution
    3440x1440
    Hard Drives
    Main Boot Drive : 512GB Adata XPG RGB Gen3x4 NVMe M.2 SSD
    PSU
    EVGA 600 Watts Gold
    Case
    Deepcool Genome II
    Cooling
    Deepcool Fryzen
    Internet Speed
    1Gbps
    Browser
    Chrome
    Antivirus
    "Moderna"
  • Operating System
    Windows 11 Pro
    Computer type
    PC/Desktop
    CPU
    i7-4790K
    Motherboard
    ASRock Xtreme6 Z97
    Memory
    16GB Corsair Vengeance Pro
    Graphics card(s)
    MSI R9 290
    Monitor(s) Displays
    LG Ultrawide 34"
    Screen Resolution
    3440x1440
    Hard Drives
    500GB Adata SSD (OS Only)
    PSU
    Thermaltake 475 Watts 80 Bronze
    Case
    Thermaltake Commander I Snow Edition
    Cooling
    Deep Cool Archer Air Cooler
    Mouse
    Logitech G402
    Keyboard
    Armageddon MKA-5R RGB-Hornet
    Internet Speed
    1Gbps
    Browser
    Chrome
    Antivirus
    Moderna :)
patrik025 said:
I have installed over 20 discontinued Firefox extensions, so can they have exploits?
Click to expand...
Why on earth would you need over 20 extensions? Easiest way to be exploited though.
 

My Computers

System One System Two

  • OS
    Windows 11 build 10.0.22635.4515 Beta / WSL 2 running Ubuntu
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 14 5430
    CPU
    Intel i7-1355U
    Motherboard
    Dell 0GMW80
    Memory
    16GB
    Graphics Card(s)
    Intel Iris XE
    Sound Card
    Realtek
    Monitor(s) Displays
    Dell 14", LG 32" Curved Wide screen monitor and LG Ultrawide 26"
    Screen Resolution
    1920 x 1200 @ 60Hz, 1920 x 1080 @ 100Hz and 2560 x 1080 @ 60Hz
    Hard Drives
    Samsung 990 Pro 1TB NVME Gen 4 M.2 SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Keyboard
    Dell KM3322W
    Mouse
    Dell Trackpad or Dell KM3322W
    Internet Speed
    900mb down / 400mb up FTTP
    Browser
    Edge 132.0.2957.11
    Antivirus
    Windows Defender
    Other Info
    Windows 365
    1TB OneDrive
    Outlook Classic
    Visual Studio Code running in WSL
    Python 3.13
    Macrium Reflect X
    Samsung Magician
    Garmin Express
    Dell TB16 Thunderbolt dock
    WSL
    WEI Score: 8.3
  • Operating System
    Windows 11
    Computer type
    Tablet
    Manufacturer/Model
    Microsoft Surface Pro 7
    CPU
    Core i5 - 1035G4
    Motherboard
    Microsoft
    Memory
    8GB
    Graphics card(s)
    Intel Iris Plus
    Monitor(s) Displays
    Surface touch
    Screen Resolution
    2736 x 1824
    Hard Drives
    128GB
    PSU
    Microsoft
    Case
    Microsoft Keyboard
    Cooling
    None
    Mouse
    Microsoft Arc Intellimouse
    Keyboard
    Microsoft Surface Keyboard
    Internet Speed
    900mb / 400mb FTTP
    Browser
    Edge
    Antivirus
    Windows Defender
patrik025 said:
I have installed over 20 discontinued Firefox extensions, so can they have exploits?
Click to expand...
Discontinued can be sold or regained by other users and then exploited.
I automatically uninstall any extension that has not been updated for a year.
Even legitimate extensions get occasionally hijacked and push a malicious update.
www.bleepingcomputer.com

Chrome Extension With Over One Million Users Hijacked to Serve Adware

The developer of a very popular Google Chrome extension has regained access over his tool after an unknown hacker had managed to hijack his developer account and push a malicious version that contained adware.
www.bleepingcomputer.com www.bleepingcomputer.com
 

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 8600G (07/24)
    Motherboard
    ASROCK B650M-HDV/M.2 3.15 (07/24)
    Memory
    2x32GB Kingston FURY DDR5 5600 MHz CL36 @4800 CL40 (07/24)
    Graphics Card(s)
    ASROCK Radeon RX 6600 Challenger D 8G @60FPS (08/24)
    Sound Card
    Creative Sound BlasterX AE-5 Plus (05/24)
    Monitor(s) Displays
    24" Philips 24M1N3200ZS/00 (05/24)
    Screen Resolution
    1920×1080@165Hz via DP1.4
    Hard Drives
    Kingston KC3000 NVMe 2TB (05/24)
    ADATA XPG GAMMIX S11 Pro 512GB (07/19)
    PSU
    Seasonic Core GM 550 Gold (04/24)
    Case
    Fractal Design Define 7 Mini with 3x Noctua NF-P14s/12@555rpm (04/24)
    Cooling
    Noctua NH-U12S with Noctua NF-P12 (04/24)
    Keyboard
    HP Pavilion Wired Keyboard 300 (07/24) + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    500/100 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge & Brave for YouTube & LibreWolf for FB
    Antivirus
    NextDNS
    Other Info
    Backup: Hasleo Backup Suite (PreOS)
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
    Chair: Huzaro Force 4.4 Grey Mesh (05/24)
    Notifier: Xiaomi Mi Band 9 Milanese (10/24)
    2nd Monitor: AOC G2460VQ6 @75Hz (02/19)
Thank you all for response.
markw51 said:
Why on earth would you need over 20 extensions? Easiest way to be exploited though.
Click to expand...
I have over 60 extensions, and over 20 are discontinued.
 

My Computer

System One

  • OS
    Windows 11 Pro 64-bit
    Computer type
    PC/Desktop
    Manufacturer/Model
    MSI
    CPU
    AMD A10-7860K
    Motherboard
    MSI A88XM-E35 V2
    Memory
    DDR3 16GB
    Graphics Card(s)
    AMD Radeon R7 Graphics (IGD)
    Sound Card
    AMD High Definition Audio Device
    Monitor(s) Displays
    Samsung LU28R55
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung 870 QVO 2TB (SSD)
    WDC WD40EFAX-68JH4N1 4TB (HDD)
    Cooling
    Active cooling (Fan)
    Keyboard
    Connect IT NEO
    Mouse
    Rapture Cobra
    Browser
    Firefox & Microsoft Edge (dualistic)
    Antivirus
    Avira Free Security
patrik025 said:
Thank you all for response.

I have over 60 extensions, and over 20 are discontinued.
Click to expand...

As others have asked - why so many? It's not just about security, it's also about potential data loss by a badly written extension causing your browser to fail at some point.

One suggestion I have, that I took myself from another user many years ago - a lot of extensions are simply easier ways to do something you already can. You should evaluate *all* of them and figure out if you really need them or not, And the key is to understand the difference between wanting them for some ease of use and needing them for some explicit purpose in your workflow.

Then get rid of the ones you determine you do not need.
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    Arctic Liquid Freezer III 420 RGB + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge , Arc
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
You must log in or register to reply here.

Similar threads

Solved Win Sandbox Runs in a Remote Desktop Connection (RDC) Session with RDC OFF - Am I Exposed to RDC's Security Vulnerabilities???
Replies
4
Views
874
Gordy_Z
G
  • Article Article
Arc Browser CVE-2024-45489 Incident Report on Security Vulnerability prior to 8/25/24
Replies
0
Views
427
Brink
Brink
  • Article Article
Microsoft 365 Browser Extension End of Support on January 15, 2024
Replies
0
Views
423
Brink
Brink
Best way to increase size of WinRE partition to accommodate Bitlocker security vulnerability fix?
2
Replies
20
Views
3K
ThrashZone
ThrashZone
  • Article Article
ASUS releases firmware updates for router security vulnerabilities
Replies
1
Views
875
HRPuffnstuff
HRPuffnstuff

Latest Support Threads

Latest Tutorials

Back
Top Bottom