LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 05-09-2010, 10:31 PM   #1
CoderMan
Member
 
Registered: Jan 2009
Location: Gemini Capsule 25164
Distribution: Gentoo
Posts: 375
Blog Entries: 24

Rep: Reputation: 43
Firefox plug-in interface


I saw there is a Firefox security vulnerability thread, but this seems like a more specific discussion...

I assume that Firefox plug-ins work through some kind of pre-defined interface, correct? So, when I install a plug-in, just /how much/ control and access am I making available to the code for that plug-in?

For example, do plug-ins
...have access to all the cookies stored for my session?
...have permission to communicate with any server they wish?
...have access to all the hard disk data stored in my profile folder? Data in other profiles? Data outside profile folders?

Lately I have been taking a lot of steps to improve the security of my computing experience, including hardened distro installation sources and better firewalls. I love a whole lot of Firefox plug-ins, but wonder about the security. Some approaches I have been thinking about to reduce risk...

A. Use no Firefox plug-ins at all
B. Use only Firefox plug-ins that I absolutely need
C. When possible, run plugins in a separate profile than the one I normally use for browsing and sensitive activities (is this actually any more secure...?)
 
Old 05-09-2010, 10:50 PM   #2
Mr-Bisquit
Member
 
Registered: Feb 2009
Distribution: FreeBSD, OpenBSD, NetBSD, Debian, Fedora
Posts: 770
Blog Entries: 52

Rep: Reputation: 68
If you're that paranoid about security then here:
Make a jail with only what you need.
Build Xorg and Firefox.
Tweak Firefox to be extremely secure and then create a more secure profile.
Run Firefox from the command line with
Code:
/path/to/firefox/bin --sync --no-xshm --safe-mode
And do it all within a virtual environment.


Look at the code for each and then you can answer your own questions.
 
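The following script is an added example (not code from this thread or from Mozilla) that puts CoderMan's option C and Mr-Bisquit's "create a more secure profile, then run Firefox from the command line" steps into a repeatable form. It assumes Firefox honours the `-no-remote` and `-profile` command-line options and reads `user.js` from the profile directory at startup, and that `xpinstall.enabled` and `network.cookie.cookieBehavior` are the standard preference names; the directory names are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: build a disposable Firefox profile for
# trying out extensions, kept apart from the profile used for sensitive sites,
# and print the command line that starts Firefox against it.
# Assumptions: -no-remote and -profile are accepted by the firefox binary and
# the two user_pref names below are standard Firefox preferences.

set -eu

# Create $1 as a profile directory holding a user.js with a locked-down
# baseline. Prints the path of the user.js it wrote.
make_isolated_profile() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/user.js" <<'EOF'
// Code running inside this profile may not install further extensions.
user_pref("xpinstall.enabled", false);
// Block third-party cookies so pages loaded here see as little as possible.
user_pref("network.cookie.cookieBehavior", 1);
EOF
    printf '%s\n' "$dir/user.js"
}

# Print the command that starts Firefox on profile directory $1.
# -no-remote: do not hand the session to an already running Firefox (which
#             would be the sensitive profile); -profile: use this directory
#             instead of the default one under ~/.mozilla.
firefox_launch_cmd() {
    printf 'firefox -no-remote -profile %s\n' "$1"
}

# Demo: create a sandbox profile under a temporary directory and show the
# command that would start Firefox in it (nothing is launched here).
demo=$(mktemp -d)
make_isolated_profile "$demo/extension-sandbox" >/dev/null
firefox_launch_cmd "$demo/extension-sandbox"
rm -rf "$demo"
```

A caveat on the "is this actually any more secure?" part of option C: a separate profile separates browser state (cookies, history, installed extensions), not the filesystem. Firefox still runs as the same Unix user, so an extension in the sandbox profile can read the other profile directory like any other file; that is the gap Mr-Bisquit's jail and virtual-environment advice is meant to close.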
Old 05-10-2010, 12:25 AM   #3
CoderMan
Member
 
Registered: Jan 2009
Location: Gemini Capsule 25164
Distribution: Gentoo
Posts: 375

Original Poster
Blog Entries: 24

Rep: Reputation: 43
Quote:
Originally Posted by Mr-Bisquit
If you're that paranoid about security then here:
Make a jail with only what you need.
Like, a jail root for only one application? An intriguing idea...
Quote:
Build Xorg and Firefox.
Running Gentoo, so already done.
Quote:
Tweak Firefox to be extremely secure and then create a more secure profile.
Thanks, but reprogramming Firefox to be more secure wasn't really what I had in mind (there are a lot of people working on that). My question was really more about the inherent (in)security of the Firefox plug-in model. Fundamentally: assuming that a Firefox plug-in /was/ designed to be malicious, what kind of harm is it capable of doing within the restrictions provided by the plug-in interface?
Quote:
Run Firefox from the command line with
Code:
/path/to/firefox/bin --sync --no-xshm --safe-mode
And do it all within a virtual environment.


Look at the code for each and then you can answer your own questions.
Turning off all extensions and running in a virtual environment wasn't quite as pragmatic an approach as I was hoping for, but I'll take it into consideration.

Of course, if I became an expert on Firefox plug-in programming, I wouldn't need to post this thread. Maybe I'll do that some day, but for now I'm just curious if there are any experts around here who have some insight.
 
Old 05-10-2010, 04:00 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by CoderMan
Fundamentally: assuming that a Firefox plug-in /was/ designed to be malicious, what kind of harm is it capable of doing within the restrictions provided by the plug-in interface?
I've wondered about this too, and I look forward to reading posts by anyone who could shed light on this matter. My gut tells me there isn't much protection, if any at all, but I'm kind of a pessimist with these things.
 
Old 05-11-2010, 01:10 AM   #5
CoderMan
Member
 
Registered: Jan 2009
Location: Gemini Capsule 25164
Distribution: Gentoo
Posts: 375

Original Poster
Blog Entries: 24

Rep: Reputation: 43
Did a little bit of research: evidently plug-ins are done primarily in JavaScript, through some interfaces: XUL (XML User Interface Language), DOM, XPCOM, and a few others. Apparently with XUL and DOM you can manipulate Firefox's interface and any loaded web pages, and XPCOM (alien plasma grenade, anyone?) gives you access to the filesystem and other system components. I'm not sure yet what restrictions there are... but just knowing that the code has access to all my web page DOM trees, plus my network connection, makes me a bit nervous...
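Since a XUL/XPCOM-era extension is plain JavaScript, the question "what can this one reach?" can be answered in part by reading its code, as Mr-Bisquit suggested. The script below is an added example, not code from this thread or from Mozilla, that greps an unpacked extension for XPCOM interfaces that reach beyond the page DOM (files, processes, cookies, raw network, the password store). The interface and contract-ID names are real Mozilla ones; the sample extension it builds is constructed for the demo and does nothing but reference two of them.

```shell
#!/bin/sh
# Added example, not from the thread: static triage of an unpacked legacy
# (XUL/XPCOM) Firefox extension. It counts references to XPCOM interfaces
# that grant access outside the page DOM, which is the capability CoderMan
# is worried about. Interface names are real Mozilla interfaces; the sample
# extension created by make_sample_extension is constructed for this demo.

set -eu

# Print one line per privileged capability referenced under directory $1,
# as "<capability> <count>". No output means none of the patterns matched.
audit_extension() {
    dir=$1
    # Each entry: capability:regex of interfaces or contract IDs granting it
    for pair in \
        'filesystem:nsIFile|nsILocalFile|@mozilla.org/file/' \
        'process:nsIProcess|@mozilla.org/process/util' \
        'cookies:nsICookieManager|nsICookieService' \
        'network:nsIHttpChannel|nsIXMLHttpRequest|nsISocketTransport' \
        'password_store:nsILoginManager'
    do
        name=${pair%%:*}
        pattern=${pair#*:}
        # -o prints each match on its own line, -h drops filenames, so wc -l
        # gives the number of references; grep exiting 1 (no match) is fine.
        count=$(grep -Eroh "$pattern" "$dir" 2>/dev/null | wc -l | tr -d ' ')
        [ "$count" -gt 0 ] && printf '%s %s\n' "$name" "$count"
    done
    return 0
}

# Build a constructed sample extension under $1 that looks like a harmless
# overlay but touches the profile directory and the cookie store via XPCOM.
# Prints the extension directory.
make_sample_extension() {
    dir=$1
    mkdir -p "$dir/chrome/content"
    cat > "$dir/chrome/content/overlay.js" <<'EOF'
// Constructed sample for the audit demo: the page DOM cannot do either of
// these, but extension code running with chrome privileges can.
var dirSvc = Components.classes["@mozilla.org/file/directory_service;1"]
                 .getService(Components.interfaces.nsIProperties);
var profDir = dirSvc.get("ProfD", Components.interfaces.nsIFile);
var cm = Components.classes["@mozilla.org/cookiemanager;1"]
             .getService(Components.interfaces.nsICookieManager);
EOF
    printf '%s\n' "$dir"
}

# Demo: audit the constructed sample and print the report
# (expected: "filesystem 2" and "cookies 1").
demo_dir=$(mktemp -d)
audit_extension "$(make_sample_extension "$demo_dir/sample-ext")"
rm -rf "$demo_dir"
```

Run it against an extension unpacked from its .xpi (an .xpi is a zip archive) to get a first list of what to read closely. A hit is not proof of malice, since a download manager legitimately needs nsIFile, but an extension whose description never mentions files or cookies and still references those interfaces deserves a look before it goes into the profile used for sensitive activities.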
 