Firefox

6351 readers

3 users here now

A community for discussion about Mozilla Firefox.

founded 2 years ago

MODERATORS

lightbeam24@lemmy.world

Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users (www.koi.ai)

submitted 1 week ago by King@sh.itjust.works to c/firefox@lemmy.world

1 comments fedilink hide all child comments

cross-posted from: https://sh.itjust.works/post/51716383

you are viewing a single comment's thread
view the rest of the comments

[–] moonpiedumplings@programming.dev 7 points 1 week ago

The png didn't do shit. Users where compromised by a malicious extension.

Steganagrophy (hiding data in a png) is a non issue and cannot do anything independently. It is also impossible to really stop.

Which is probably why the cybersecurity news cycle likes to pretend that steganagrophy is a risk on it's own, so that they can sell you products to stop this "theat".

I hate the clickbait title is what I'm trying to say. But the writeup is pretty interesting.

Although the real solution to this problem is probably only letting users install known safe extensions from an allowlist, instead of "pay us for consulting!".