Mailinglist Archive: opensuse (1839 mails)

< Previous Next >
Re: [opensuse] A Day After Firefox Upgrade 3.5 -> 3.6 Many Add-On Updates — Suspicious? (11.3)
  • From: dwgallien <dwgallien@xxxxxxxxx>
  • Date: Sun, 19 Sep 2010 14:27:55 -0400
  • Message-id: <201009191427.55389.dwgallien@xxxxxxxxx>

Yesterday I installed the Firefox 3.5 -> 3.6 upgrade that was offered by
YaST Online Update. After restarting the browser (which I'd quit before
commencing the upgrade installation) it checked my installed add-ons,
found one (a theme) to be incompatible and disabled it. The next day
(today) when I started Firefox up, it presented updates for several of
my add-ons, all of them seemingly unrelated to each other. Since I
found the conjunction of so many updates suspicious, I thought I'd ask
if anyone's aware of any exploits being propagated via Firefox add-ons.

These add-ons were listed as having updates:

Firebug (1.5.3 -> 1.5.4)
Novell Moonlight (2.2 -> 2.3)
TabGroups Manager (2009.10.02.05 -> 2010.06.20.02)
Tab Mix Plus ( ->
Weave Sync (1.2.3 -> 1.4.4)
Xmarks (3.6.14 -> 3.8.6)

Does anyone have any insights on these? Is it a coincidence? Were the
updates enabled by the upgrade from Firefox 3.5 to 3.6? If so, why were
they not detected until the second restart of Firefox following the
upgrade? The incompatibility of the theme was detected immediately.

Randall Schulz

In my 3.6 upgrade with 16 extensions, 1 was updated. No issues. I also use
Tab Mix Plus; the update to had been done previously. Perhaps your
automatic updates wasn't working?
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >