| Browser extension is a kind of mechanism for adding new personalization features to browser. It can greatly enhance the performance capabilities of the browser. However, it also exposes the browser under more attacks. So, the study of browser extension security has become a hot topic in the software security field. For better profiling the behavior features of browser extensions, we did a large-scale study to the behaviors of Firefox browser extensions, expecting to offer some valuable information to our next work.By analyzing the interfaces provided to the extensions by Firefox, we first abstracted and classified the extension's behaviors, and categorized them into four security levels according to their potential risks. Then based on the Firefox open source browser, we designed and implemented an automatic test system for browser extension's behaviors. It can automatic download all the suitable extensions to local system from the Mozilla repository, install and test the extensions on an instrumented Firefox browser one by one, and monitor and record the behavior information during the test process. Additionally, for exposing as much behaviors of extensions as possible, the system will simulate the user's behaviors to trigger the extension's event handling modules. At last, we utilized this system to do a large-scale test to the existing extensions on Mozilla, and analyzed the experimental results from multiple perspectives.We tested over 2465 extensions on Mozilla. After that, we did statistics to the extension's direct behaviors from multiple angles, deeply investigated several dangerous behaviors and bad practices of extensions, and detailedly studied the extension's indirect behaviors. The results demonstrate that the existing Firefox extensions show a lot of dangerous or bad behaviors. |
PDF Full Text Request