Adblock Plus and (a little) more

Adblock security hole closed - but not by Adblock devs [updated] · 2006-06-18 22:46 by Wladimir Palant

A while back I mentioned two security holes I found in Adblock (bug 338114, access is restricted). Both are pretty stupid programming mistakes and can be fixed trivially. Luckily recent security improvements in Firefox prevent one of the bugs from being exploited. The other is wide open however and can potentially allow malicious web sites to gain control over your computer.

The good news for all Adblock users out there: this bug has been fixed. Boris Zbarsky made Firefox safer once again, and once Firefox is out Adblock users should be (relatively) safe. The bad news: both security holes are still in Adblock, only hidden. Adblock developers disappeared once again and aren’t even reacting to the most urgent requests (and I don’t mean Michael McDonald here who has been very responsive but seems to lack the possibility to change something). Given the numerous users still using Adblock this makes me pretty sad…

Update (2006-06-30): AMO made mcm a co-author for Adblock so he could upload a fix. Adblock homepage is still listing as most recent version.



Commenting is closed for this article.