You don't have to deliberately add a malicious addon, just by visiting a webpage it can be added, (unless you have JavaScript disabled, e.g. by NoScript addon ) ...mikeb wrote:do you have some examples ..eg addons to avoid for example? sites that do this... what approval messages to be wary off before adding an addon?It's still possible for malware to be injected into the browser , even on a Linux computer. Like a hidden addon to the browser which functions as a keylogger , to or redirect your browser (browser hijack).
http://www.exploit-db.com/wp-content/themes/exploit/docs/24541.pdfexploit-db.com wrote:There are not mechanism to restrict the privileges and execution scope of add-ons.
JavaScript functions can hook into the browser interface every time Firefox loads. They can collect keystrokes from Firefox browser interface. The JavaScript XMLHttpRequest object can be used to exchange data with a server in background.
https://www.google.com/search?q=Malicious+Firefox+Add-Ons+Keylogger