Hi, What is the level of trust we have to give into valuable firefox plugins? (potentially without checking the provided signatures or hashes, if available). Altering the plugin functionality into an observation plugin is just an easy task and I strongly recommend to work with empty firefox profiles. "./firefox -P --no-remote" Watch the movie on Hacking-Lab to understand the firefox observation hack. http://www.hacking-lab.com/download/ Regards Ivan Buetler Compass Security, Switzerland www.csnc.ch --- SWISS CYBER STORM III - WARGAMES - CTF - May 2011 ---
