Firefox offers encryption to Add-on’s for security purposes bit other vendors don’t follow these measures because of the resource limitations. The most vulnerable Add-on’s are from popular sites like Google, Yahoo, Facebook and Linkedin.
Add-ons that are not vulnerable to this type of attack include NoScript, Greasemonkey, and AdBlock Plus.
Soghoian says he contacted Google and other developers and told Mozilla and specific about this vulnerability on April 16, 2007. Many vendors ignored him. Mozilla did work with some vendors, such as eBay, to fix the problem and has updated its developer site to include safe coding practices to guard against this attack. Abiding by the CERT vulnerability disclosure policy, Shogoian went public 45 days after notifying CERT and the vendors affected.