DEF CON 17: Abusing Firefox Addons

Speakers: Roberto Suggi | Nick Freeman

Hundreds of Firefox addons are created every week. Millions of users download them. Some addons are even recommended by the Mozilla community, and users implicitly trust them. We don’t trust a single one, and we will show you why.

This talk details how we have abused some of the most popular and recommended Firefox addons, with previously unreleased vulnerabilities.

From the Mozilla download statistics, over 15 million users are potentially affected. Demos will cover remote code execution, local file disclosure and other tailored Firefox Addon exploits.

Be surprised

I know what I'm looking for

Related videos