Jump to content
Login new information ×
Login new information

Download Manager (S3) Firefox Add-On Spies on Users

Batu69

By Batu69
in Security & Privacy News

Recommended Posts

Batu69

Batu69

Posted
Posted

Firefox Download Manager (S3) add-on captures the entire source code of Web pages and uploads them to a remote server



One of Mozilla's most popular extensions, Download Manager (S3) also known as S3 Download Manager, has been caught collecting user information and sending it to a remote server, fact which led to its removal from the Mozilla Add-Ons Portal.



Download Manager (S3) is one of Firefox's oldest add-ons, being used as an alternative to the browser's built-in download management tools.



The add-ons works by listing all recent downloaded files on a horizontal bar at the bottom of the browser, allowing easy access to file download details like download URL, file location on disk, checksum, file rename functions, play or pause downloads, and so on.



The add-on spyware behavior is not activated by default



According to the developer that spotted the problems on Reddit, to blame is a recent add-on version which comes with an option to support the add-on creator by showing advertisements on various Web pages.



If the user agrees, the add-on will begin its spying behavior and start collecting data on the user's activity, sending it to icontent.us, a Web service dedicated to providing analytics for Chrome extensions and Firefox add-ons. This data is then used to deliver targeted ads to users, based on the user's interests.



The problem relies on the fact that the Download Manager (S3) add-on is collecting the whole HTML contents of the pages to which the user navigates to,which may hold sensitive user information, as some of these pages appear after users log in into their accounts (banking pages, Facebook accounts, Gmail inboxes, etc. see Mr. Popov's response at the end of the article) .



Add-on was removed from Mozilla's Add-Ons Portal



One of Mozilla's engineers was informed of this issue, confirmed the spying behavior, and had the add-on removed from Mozilla's Add-Ons Portal in about 10 hours after being reported.



On the Mozilla forums, the add-on author, Alexander Popov (Oleksandr), explained the behavior as the following: "If user consent is given, this add-on will show advertising on web pages. In that case, the user's browsing history can be accessed by a third party (ad network). This behavior does not extend to Private Browsing mode. ADVERTISEMENT DISABLED BY DEFAULT!"



Before being removed, the add-on's page on the Mozilla portal showed that around 117,000 users have installed and were using the plugin. If you've lost your trust for this developer and add-on, similar functionality is provided by the Download Status Bar add-on.



We have contacted both Mozilla and Mr. Popov for further comments.



UPDATE: Mr. Popov has answered our email. You can see his response in the image below.



download-manager-s3-firefox-add-on-spies


Mr. Popov's response


Source


Link to comment
Share on other sites
  • Replies 7
  • Views 1.9k
  • Created
  • Last Reply
straycat19

straycat19

Posted
Posted
Mozilla portal showed that around 117,000 users have installed and were using the plugin.

I wouldn't call a program used by this number of users popular, more like obscure and unknown.

Link to comment
Share on other sites
GateMate

GateMate

Posted
Posted

Never heard of it sounds like a trap

Link to comment
Share on other sites
shamu726

shamu726

Posted
Posted

First I heard of it too. "One of Mozilla's most popular extensions", yeah right. :rolleyes:

UPDATE: Dan Callahan, engineer in Developer Relations at Mozilla, has told Softpedia that their staff contacted Mr. Popov, but he has yet to respond them. He also said they've also checked the developer's other plugins, and that besides Download Manager (S3) another add-on was also found to have a similar behavior and also removed from the add-ons portal. If Mr. Popov removes the user privacy intrusive behavior from his add-on's code, Mr. Callahan said that the Mozilla staff won't have any issues with relisting the add-ons on their portal.

Link to comment
Share on other sites
dee.pee

dee.pee

Posted
Posted

That an addon I use since a long time.

On its last update last week, after restarting Firefox, choice is offer to user to activate or not the ads system. ... I choosed NO, thanks and yet never get annoyed with ads.

Link to comment
Share on other sites
steven36

steven36

Posted
Posted

That an addon I use since a long time.

On its last update last week, after restarting Firefox, choice is offer to user to activate or not the ads system. ... I choosed NO, thanks and yet never get annoyed with ads.

So he just added the Analytics system last week.? People don't realize how many programs contain Analytics many close source ones do even ones people pay for with no choice to trun them off even. :P

I wonder how many add-ons they are spying on people with www.icontent.us ? Never volunteer to send any infos out that's insane. :lol:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...