An empirical study of dangerous behaviors in firefox extensions

Authors:
Jiangang Wang;Xiaohong Li;Xuhui Liu;Xinshu Dong;Junjie Wang;Zhenkai Liang;Zhiyong Feng
Affiliations:
Department of Computer Science, Tianjin University, China;Department of Computer Science, Tianjin University, China;School of Computing, National University of Singapore, Singapore;School of Computing, National University of Singapore, Singapore;Department of Computer Science, Tianjin University, China;School of Computing, National University of Singapore, Singapore;Department of Computer Science, Tianjin University, China
Venue:
ISC'12 Proceedings of the 15th international conference on Information Security
Year:
2012

Citing 9
Cited 1

The privacy practices of Web browser extensions

Communications of the ACM
Extensible Web Browser Security

DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Analyzing Information Flow in JavaScript-Based Browser Extensions

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
A solution for the automated detection of clickjacking attacks

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
SpyShield: preserving privacy from spy add-ons

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
GATEKEEPER: mostly static enforcement of security and reliability policies for javascript code

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
VEX: vetting browser extensions for security vulnerabilities

USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Securing script-based extensibility in web browsers

USENIX Security'10 Proceedings of the 19th USENIX conference on Security
An analysis of the mozilla jetpack extension framework

ECOOP'12 Proceedings of the 26th European conference on Object-Oriented Programming

Securing legacy firefox extensions with SENTINEL

DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment

Quantified Score

Hi-index	0.00

Visualization

Abstract

Browser extensions provide additional functionality and customization to browsers. To support such functionality, extensions interact with browsers through a set of APIs of different privilege levels. As shown in previous studies, browser extensions are often granted more privileges than necessary. Extensions can directly threaten the host system as well as web applications, or bring in indirect threats to web sessions by injecting contents into web pages. In this paper, we make an empirical study to analyze extension behaviors, especially the behaviors that affect web sessions. We developed a dynamic technique to track the behaviors of injected scripts and analyzed the impact of these scripts. We analyzed the behaviors of 2465 extensions and discussed their security implications. We also proposed a solution to mitigate indirect threats to web sessions.