An analyst Axelle Apvrille from the Fortinet Blog has uncovered the security threats and loopholes in the underlying technology base for Firefox OS. She has developed an application for Firefox called CrackMe and has explored the malware threats and possibilities in the Firefox OS during the development. She says it is very easy in the Firefox OS to introduce malware and phishing.
Firefox OS employs applications which are “packaged applications” that consists of zipped resources or “hosted applications” on the web. In either case, it does not use any executable format which eliminates the need for disassemblers making the job easy for anyone who wishes to read the code and get into its resources and binaries. Furthermore, Firefox OS is based primarily upon HTML and Javascript, it makes the job easy for majority malware authors which use nested HTML documents to hide malicious code in a genuine web page.
