Sunday, March 29, 2009

Bypassing Enterprise Security Through Firefox Extensions

Firefox is gaining momentum in terms of its install base. Most corporations are installing this browser on their typical desktop image. In a typical enterprise environment, a user's desktop is quite locked down: the user cannot install any software and has a predefined set of mapped drives, remote backup software, antivirus, and any other enterprise applications, all preinstalled.

However, there is one catch. Firefox allows extensions to be downloaded and installed without requiring any special permissions. In theory, an enterprise user can download his or her favorite Firefox extension and do all the things that are typically not allowed. This is very similar to the availability of browser-based applications such as Google chat, Meebo, Yahoo chat, etc., which do not require any software to be installed locally.

For the enterprise security group it's always a race against new technology: what to block and what not to block. More often than not, they are too late in figuring that out :)
