Design/Logic Flaw

A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs...

Firefox for Android Bug Allows 'Epic Rick-Rolling'

A vulnerability in Firefox for Android paves the way for an attackers to launch websites on a victim’s phone, with no user interaction. The attack manifests in the form of a Firefox browser window on the target device suddenly launching, without the users’ permission. This can be used for various...

The Case for Limiting Your Browser Extensions

Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extensio...

Someone Hijacks A Popular Chrome Extension to Push Malware

Phishers have recently hacked an extension for Google Chrome after compromising the Chrome Web Store account of German developer team a9t9 software and abused to distribute spam messages to unsuspecting users. Dubbed Copyfish, the extension allows users to extract text from images, PDF documents...