Firefox has a good number of extensions to make it powerful web browser, these extensions may not be safe and they can make your computer vulnerable to hackers. Security Researcher Christopher Soghoian based at Indiana has found that the process used to update some of these add-ons automatically appears to be flawed, and allow hackers to attack your computer.
Firefox offers encryption to Add-on’s for security purposes bit other vendors don’t follow these measures because of the resource limitations. The most vulnerable Add-on’s are from popular sites like Google, Yahoo, Facebook and Linkedin.
Add-ons that are not vulnerable to this type of attack include NoScript, Greasemonkey, and AdBlock Plus.
Soghoian says he contacted Google and other developers and told Mozilla and specific about this vulnerability on April 16, 2007. Many vendors ignored him. Mozilla did work with some vendors, such as eBay, to fix the problem and has updated its developer site to include safe coding practices to guard against this attack. Abiding by the CERT vulnerability disclosure policy, Shogoian went public 45 days after notifying CERT and the vendors affected.