
Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks


aum


Mozilla's security staff is cracking down on malicious Firefox add-ons.

 

Over the past two weeks, Mozilla's add-on review team has banned 197 Firefox add-ons that were caught executing malicious code, stealing user data, or using obfuscation to hide their source code.

 

The add-ons have been banned and removed from the Mozilla Add-on (AMO) portal to prevent new installs, but they've also been disabled in the browsers of the users who already installed them.

 

The bulk of the ban was levied on 129 add-ons developed by 2Ring, a provider of B2B software. The ban was enforced because the add-ons were downloading and executing code from a remote server.

 

According to Mozilla's rules, add-ons must self-contain all their code, and not download code dynamically from remote locations. Mozilla has recently begun strictly enforcing this rule across its entire add-on ecosystem.

 

A similar ban for downloading and executing remote code in users' Firefox browsers was also levied against six add-ons developed by Tamo Junto Caixa, and three add-ons that were deemed fake premium products (their names were not shared).

 

Bans were also levied for illegally collecting user data. Mozilla staff banned an unnamed add-on, WeatherPool and Your Social, Pdfviewer - tools, RoliTrade, and Rolimons Plus.

 

But there were also bans for malicious behavior. Mozilla reviewers banned 30 add-ons that exhibited various types of malicious behavior.

 

Mozilla listed only the add-on IDs, not their names, so add-on developers can appeal the ban and remove the malicious behavior. One add-on that passed the appeal process was the Like4Like.org Addon, initially believed to be collecting and submitting user credentials or tokens of social media websites to another website.

 

Other shady behavior was spotted in the FromDocToPDF add-on, which Mozilla engineers said was loading remote content into Firefox's new tab page.

 

A Firefox add-on named Fake Youtube Downloader was also banned for attempting to install other malware in users' browsers.

 

Add-ons like EasySearch for Firefox, EasyZipTab, FlixTab, ConvertToPDF, and FlixTab Search were banned for intercepting and collecting user search terms, a clearly bannable offense.

 

Last, but not least, Mozilla's security staff also banned a batch of two, nine, and three add-ons that were caught using obfuscated code, a technique through which add-on developers make their code hard to read, for the purpose of hiding malicious behavior.

 

Source

Quote

Mozilla listed only the add-on IDs, not their names...

What about those who already installed these add-ons, is there a list or a way for users to know if they are running now-banned ones?



2 minutes ago, mp68terr said:

What about those who already installed these add-ons, is there a list or a way for users to know if they are running now-banned ones?

I think they will be automatically disabled in Firefox.



30 minutes ago, mp68terr said:

What about those who already installed these add-ons, is there a list or a way for users to know if they are running now-banned ones?

Mozilla already has kill switch functionality for installed extensions. Once it knows that the malicious extension has been listed on this site, it will block the unsafe add-on from loading. Blocks can be issued at varying levels depending on the severity of issues found.

  • Soft blocks disable an extension by default, but allow you to override and continue to use the add-on. Soft blocks are issued for non-malicious add-ons.
  • Hard blocks disable an add-on and do not allow you to enable it or override the block. Hard blocks are used when add-ons are found to be malicious.
  • Click-to-activate blocks disable a plugin by default, but allow you to enable the plugin for particular sites. This type of block is issued for non-malicious plugins.

The only way to unblock the restriction is to have developers update the add-on, which is verified extensively by the Mozilla add-ons team. It also means the affected add-on will stay blocked unless the developers respond to the blockade issued by the Mozilla add-ons team.

https://support.mozilla.org/en-US/kb/add-ons-cause-issues-are-on-blocklist

Besides, Mozilla has plans to discontinue sideloading add-ons in the upcoming Firefox 74. So Mozilla has total control over approving and vetoing which extensions can be used on Firefox (and Thunderbird as well). In other words, the only way to install the add-ons on Firefox 74 and above will be only through Mozilla's official extension site.

https://blog.mozilla.org/addons/2019/10/31/firefox-to-discontinue-sideloaded-extensions/

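One way to answer the question raised above (how a user can tell whether a now-banned add-on is installed), as an added example that is not part of any post in this thread: the script reads a copy of the Firefox profile's `extensions.json` and reports add-ons whose `blocklistState` is non-zero or whose ID is on a list you supply. The function names, the sample profile data and the add-on IDs are constructed for illustration; the field names (`blocklistState`, `active`, `defaultLocale`) and the 0/1/2 state values are the `extensions.json` layout as assumed here.

```python
import json
import sys

# Values Firefox stores in each add-on's "blocklistState" field (assumed layout).
BLOCK_STATES = {0: "not blocked", 1: "soft block", 2: "hard block"}

# Constructed sample: a cut-down extensions.json with made-up add-ons.
SAMPLE_EXTENSIONS_JSON = json.dumps({"addons": [
    {"id": "clean@constructed.example", "version": "1.0", "active": True,
     "blocklistState": 0, "defaultLocale": {"name": "Clean Tool"}},
    {"id": "soft-blocked@constructed.example", "version": "2.3",
     "active": False, "blocklistState": 1,
     "defaultLocale": {"name": "Soft Blocked Tool"}},
    {"id": "hard-blocked@constructed.example", "version": "0.9",
     "active": False, "blocklistState": 2},
    {"id": "listed-only@constructed.example", "version": "4.1",
     "active": True, "blocklistState": 0,
     "defaultLocale": {"name": "Listed Tool"}},
]})
# Constructed ban list, standing in for IDs copied from a published list.
SAMPLE_BANNED_IDS = {"listed-only@constructed.example"}


def audit_addons(extensions_json, banned_ids=()):
    """Return a finding for every installed add-on that Firefox has
    blocklisted or whose ID appears in banned_ids."""
    banned = set(banned_ids)
    findings = []
    for addon in json.loads(extensions_json).get("addons", []):
        addon_id = addon.get("id", "")
        state = addon.get("blocklistState") or 0  # missing or null means 0
        listed = addon_id in banned
        if state == 0 and not listed:
            continue
        active = bool(addon.get("active"))
        if state == 2:
            note = "hard block: cannot be re-enabled, remove it"
        elif state == 1:
            note = ("soft block overridden by the user" if active
                    else "soft block: disabled, but the user can re-enable it")
        else:
            note = "on ban list but not blocked locally: blocklist may be stale"
        findings.append({
            "id": addon_id,
            "name": (addon.get("defaultLocale") or {}).get("name", "?"),
            "version": addon.get("version", "?"),
            "block": BLOCK_STATES.get(state, f"state {state}"),
            "on_ban_list": listed,
            "active": active,
            "note": note,
        })
    # Add-ons that are still running come first: they need action now.
    findings.sort(key=lambda f: (not f["active"], f["id"]))
    return findings


def load_ids(path):
    """Read one add-on ID per line, ignoring blank lines and # comments."""
    with open(path, encoding="utf-8") as fh:
        lines = (ln.strip() for ln in fh)
        return {ln for ln in lines if ln and not ln.startswith("#")}


if __name__ == "__main__":
    # Usage: audit.py [path/to/extensions.json [banned_ids.txt]]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
        ids = load_ids(sys.argv[2]) if len(sys.argv) > 2 else set()
    else:
        text, ids = SAMPLE_EXTENSIONS_JSON, SAMPLE_BANNED_IDS
    for f in audit_addons(text, ids):
        print(f"{f['id']}  {f['name']} {f['version']}  [{f['block']}]  "
              f"active={f['active']}  {f['note']}")
```

Run it against a copy of `extensions.json` taken from the profile folder; an add-on that is on the ban list but still active is the case worth acting on first.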


Fake YouTube downloader: it would take a moron to download an addon with such a name. No YouTube addons work right anymore without installing companion programs that mux the streams together anyway. So you may as well use a download manager: JD2, XDM, IDM (only works on Windows).

 

2 hours ago, Edward Raja said:

In other words, the only way to install the add-ons on Firefox 74 and above will be only through Mozilla's official extension site.

Just install Waterfox and the problem is solved; install addons any way you like, for real power users, not for noobs that need a vendor to hold their hand because they install anything they see that's new. And what you say is not even true; it would help if you actually read the links to what you post.

 

Quote

You can still add your own extensions manually, or distribute them from your website just like you could before. What’s being removed is one installation vector that was being abused to forcefully install extensions that users may not have wanted.

 

Also, any addons you sideloaded before version 78 won't be deleted; they will just move out of the sideloaded folder to the normal addons folder and keep working. It doesn't affect signed addons at GitHub and other sites that are not at AMO, or at both places, at all! They blacklist the addon only if it is found to be malicious. Not all addons they ban from AMO are; some they ban because of DMCA complaints and are still at GitHub, signed, updated and everything. Sideloaded addons never update.

 

Quote

Mozilla does more damage to their users trying to protect them than the bad guys do.

https://discourse.mozilla.org/t/so-you-are-really-killing-the-addon-ecosystem-now-congratulations/15340

 

I still use Waterfox Classic, where I can use classic addons that are real addons, not those crappy ones they copy from Chrome. They killed real addons for power users in 2017.


 

:lmao:

1. Useful addons that we once had, that are gone from Firefox, still work in Waterfox Classic.

2. Lots of malicious addons ported from Chrome started showing up at AMO, so their PR about switching to Web Addons being safer was a lie that nobody wanted but Mozilla.

https://blocked.cdn.mozilla.net/

3. Customization options get deprecated and removed.

4. If people still use Firefox as their default browser after all the control they already took from their users, and have not learned by now it's just becoming a jail like Chrome is, they deserve the abuse Mozilla dishes out on them. :tooth:

5. Mozilla is more worried about ethical issues than they are about making good products; they still never recovered from laying off their co-founder years ago for his beliefs, and they have been going downhill ever since. :dance2:

6. Not being able to sideload addons will mostly only affect what little bit of enterprises that use it, addons to be affected, not consumers, causing more users to leave their browser. Everything they do causes more users to leave. But really Chromium is not an option for what they're doing either. ;)

 

I still have Firefox but I never use it a lot; it's just a spare browser like Chromium and Brave are. I use it more as a wrapper to make web apps on Linux than anything: find a website I like, add adblocking stuff and create a web app.

 



The reason you're confused, @Edward Raja, is you don't use Firefox; you said before you don't use it because it has high CPU, and you just post info without reading the facts. But the fact is everything they do is just a power grab away from users that caused users to complain and to use other browsers. Removing sideloaded apps targets enterprises, so it's no different; people are mad about it, not happy.

 

It all started the year when they laid off their co-founder Brendan Eich, 2014, who makes Brave Browser.

https://www.cnet.com/news/mozilla-under-fire-inside-the-9-day-reign-of-fallen-ceo-brendan-eich/

 

Firefox 29.0 released for download began them copying Chrome, with the add-on bar removed and content moved to the navigation bar, Apr 28, 2014. People got mad and some left.

https://www.neowin.net/news/firefox-290-released-for-download/

 

Ever since Firefox 50 in 2016 they require signed addons; some got mad and left.

https://www.mozilla.org/en-US/firefox/50.0/releasenotes/

 

People used XUL addons to put back the addon bar and lots of other things.

With the release of Firefox 57 in 2017, Mozilla removed support for legacy add-ons, including the use of custom XUL code. People got mad; some left.

https://en.wikipedia.org/wiki/XUL

 

There was even a petition for them not to do this that started in 2015, so they lost more users.

https://www.change.org/p/mozilla-don-t-remove-xul-and-xpcom-support-from-add-ons

 

Quote

Mozilla does more damage to their users trying to protect them than the bad guys do.

People who use Firefox after 2017 as default do it because they're fanboys, because that's not even Firefox anymore. The only real Firefox left are forks of Firefox.



Loving Firefox, using Firefox Dev as my default browser, ditched Google Chrome a few months ago, and new Edge has still got to get more features from old Edge.



1 hour ago, Sylence said:

Loving Firefox, using Firefox Dev as my default browser, ditched Google Chrome a few months ago

That was their intended effect, to appeal to Chrome users, but most of their users got mad and said if they're going to be another Chrome they will just use Chrome instead. The few users they picked up from becoming like Chrome never equal all the real Firefox users they lost because of becoming like Chrome. Most users are not concerned about ethics; they're concerned about the design.

 

The most used browsers for all platforms combined are Google and Safari


 

https://gs.statcounter.com/browser-market-share

 

What browsers people use on just Windows alone doesn't matter any more: Windows with their billion users, iOS with their billion and Android with their 2 billion. The online devices browsing the internet are 3 times bigger than desktop alone. Most all the money from consumers is being made on mobile now. Google is fixing to make a power grab against Apple to make it harder for them to sell apps on iOS, because Apple is too concerned with ethics and Google's main goal is profit. Microsoft still controls the enterprise.

 

In some countries Firefox has the 2nd highest market share on desktop, but in the USA, where they're from, they come in last

https://gs.statcounter.com/browser-market-share/desktop/united-states-of-america/#monthly-201812-202001-bar

 

In North America a lot of people use Mac OS for desktop, so Safari is 2nd still. Edge is fixing to beat out Firefox they early adapters.

https://gs.statcounter.com/browser-market-share/desktop/north-america/#monthly-201812-202001-bar



14 hours ago, steven36 said:

Fake YouTube downloader: it would take a moron to download an addon with such a name

:clap::yes:



47 minutes ago, Reefa said:

 

But you can see here, in some addons Mozilla is blocking some stuff just because they pull data from Google or Microsoft

 

The sad state of language translation in Firefox

https://www.jeremiahlee.com/posts/page-translator-is-dead/

 

They're blocking all the good translate addons; they did it way before they got their own translate system. Stuff like that just runs people over to Google Chrome, where they have built-in language translation and don't ban these types of addons at Google either. Mozilla keeps banning the cloud addons and they still have not hired anyone to do theirs yet; anybody need a job? :tooth:

https://careers.mozilla.org/position/gh/1666741/

 



8 hours ago, steven36 said:

But you can see here, in some addons Mozilla is blocking some stuff just because they pull data from Google or Microsoft

 

The sad state of language translation in Firefox

https://www.jeremiahlee.com/posts/page-translator-is-dead/

 

They're blocking all the good translate addons; they did it way before they got their own translate system. Stuff like that just runs people over to Google Chrome, where they have built-in language translation and don't ban these types of addons at Google either.

 

No, fair play bruv, I am still sticking to Firefox though. And also I use Startpage. All these addons, luckily I have never installed any of them, that's why I found that funny. Thanks for the info too...



11 hours ago, steven36 said:

That was their intended effect, to appeal to Chrome users, but most of their users got mad and said if they're going to be another Chrome they will just use Chrome instead. The few users they picked up from becoming like Chrome never equal all the real Firefox users they lost because of becoming like Chrome. Most users are not concerned about ethics; they're concerned about the design.

 

The most used browsers for all platforms combined are Google and Safari


 

https://gs.statcounter.com/browser-market-share

 

What browsers people use on just Windows alone doesn't matter any more: Windows with their billion users, iOS with their billion and Android with their 2 billion. The online devices browsing the internet are 3 times bigger than desktop alone. Most all the money from consumers is being made on mobile now. Google is fixing to make a power grab against Apple to make it harder for them to sell apps on iOS, because Apple is too concerned with ethics and Google's main goal is profit. Microsoft still controls the enterprise.

 

In some countries Firefox has the 2nd highest market share on desktop, but in the USA, where they're from, they come in last

https://gs.statcounter.com/browser-market-share/desktop/united-states-of-america/#monthly-201812-202001-bar

 

In North America a lot of people use Mac OS for desktop, so Safari is 2nd still. Edge is fixing to beat out Firefox they early adapters.

https://gs.statcounter.com/browser-market-share/desktop/north-america/#monthly-201812-202001-bar

 

I didn't understand, when did Firefox become like Chrome? how ??



7 hours ago, Sylence said:

 

I didn't understand, when did Firefox become like Chrome? how ??

Read here

How Firefox became Almost Complete Copy of Chrome

https://www.howtogeek.com/228131/firefox-is-about-to-become-an-almost-complete-copy-of-chrome/

 

They copied Google Chrome for years; Chromium is open source. Soon after Google launched Google Chrome they started copying their methods and features. But they lost most of their identity in 2017 when WebExtensions replaced Firefox's powerful extension framework. That's what Firefox forks turned out to be: to save Firefox's legacy. Pale Moon started out as an ESR version of Firefox before they had ESR many years ago, then ended up forking off with a very old version of Firefox. Waterfox started out to give people a stable version of x64 Firefox before Firefox had x64 on Windows, and forked off into an old version of Firefox that forked off into Waterfox Classic.

 

The only thing that sets Firefox apart is under the hood: it uses the Gecko engine instead of Chromium. But it's still Chrome with a different engine. Not much different than Google Chrome on iOS, which uses WebKit instead of Chromium. Brave uses Chromium and has all the privacy features, and more, than Firefox and Safari have. Privacy features are nothing new; just now they're starting to bake them in instead of just having to use addons, but none of the baked-in ones work as good as addons do. That's why some addons have millions of users. :clap:

 



19 hours ago, steven36 said:

The reason you're confused, @Edward Raja, is you don't use Firefox; you said before you don't use it because it has high CPU, and you just post info without reading the facts. But the fact is everything they do is just a power grab away from users that caused users to complain and to use other browsers. Removing sideloaded apps targets enterprises, so it's no different; people are mad about it, not happy.

Oh come on rookie, I still use Firefox. And yeah, before you post I did my own homework unlike yours.

Anyway, "thanks" for that enlightenment.
 

 



1 hour ago, Edward Raja said:

Oh come on rookie, I still use Firefox. And yeah, before you post I did my own homework unlike yours.
 

 

You need to come up with something better than Rookie; the 1st version of Firefox I ever used was Firefox 1.5, November 29, 2005, and I used IE and Opera years before that. I remember back when Opera had a free version with ads and a paid version without, and you needed a key to activate it, and I had a key. Also I have been a member here since 2007 and I've used Firefox or a fork of Firefox the whole time. So now I called you out on what you said, now you say you use it? How convenient to change your story now when needed! How do you take someone serious that changes their story all the time? I was not the one who said it, you did, so either you were not being honest then or you're not being honest now? Which one is it? By saying you use it now after you said you didn't because it used too much CPU, I don't know what to believe now. So you're not doing yourself any favors.

 


 

I used Google Chrome before too, just to test it and to use its Pepper Flash in Firefox on Linux with Flow Player. But I didn't like it and I never really used it. But Firefox is not a fork of an open source browser; it is the upstream open source version. Google Chrome is a closed source fork of Chromium. Firefox has not been closed source since they were Netscape browser. Virgin Chromium browser is Google Chrome without the closed source garbage added, and I still use it as a spare browser even now. It even comes in some Linux distros instead of Firefox. Virgin Chromium can sync to Google services and has built-in Google Translate, unlike Firefox.

 

Previously using something is past tense; there are millions of users who used to use Firefox in the past who use Google Chrome now, so it's not very shocking. But they don't know what's going on with it or experience its problems now like us people who keep it installed now. I know what's going on with it because I have it installed still, just I don't use it all the time (it's a spare browser). So if it has problems it doesn't bother me much like it does a default user, because I use Waterfox Classic the most. But I love testing browsers and setting them up and seeing how usable I can make them. But I've done this for years now. I used Cyberfox before I used Waterfox so I wouldn't be exposed to unwanted changes in my default browser; ever since Firefox started copying Chrome I had a fork installed as my default browser. The only reason I switched to Waterfox was because they stopped making Cyberfox.



1 hour ago, steven36 said:

I remember back when Opera had a free version with ads and a paid version without, and you needed a key to activate it, and I had a key

'Original' Opera, Netscape, 'old' IE era... It was long before, when the point was simply to use something that works. Forgot if there were many add-ons then, users were less hard to please. Likely less malicious apps around.



3 hours ago, mp68terr said:

'Original' Opera, Netscape, 'old' IE era... It was long before, when the point was simply to use something that works. Forgot if there were many add-ons then, users were less hard to please. Likely less malicious apps around.

The only computers I used back then were in school; we had a Commodore 64 there, and I had an Atari 2600 to play games at home when I was in school. I couldn't have cared less, because computers really didn't mean anything to me. By the time I had to use them on a job as a tech at a plant that made computer parts, the one I used to keep inventory on was much older than the one I had at home. I was not rich; where did a kid come up with over $1000 to buy a PC that was slow as molasses? I was already paying a payment on my $1000 stereo every week, and paying for my partying supplies and room and board.

 

I waited till I made my own family to buy a PC, out of boredom from having to stay home with the woman and the kids. 2001 is when I came online all the time; I had been online on other people's PCs when visiting before. Before then I never was home long enough to care. I started on a Windows ME HP PC in 2001 and I switched to an XP Dell PC in 2002. Electronics were expensive back then; they were either made in the USA or Japan. Nowadays the government even gives out smartphones to the poor for free. That Dell I bought with XP and a P4 was $1200; it only had 256 MB of RAM so I ended up upgrading it to 1 GB, and it only had a DVD player so I put a DVD burner underneath it, and I was pirating DVDs like a fat rat by the time I had done that. I had my own business on eBay that was paying better than my job, so I ordered and sold stuff all the time. People were still on dial-up so you couldn't download them like now, so you rented DVDs and made pirated copies. :lmao:

 

When I first came on warez boards I uploaded software warez on dial-up, then on satellite, all the time, and I had pages and pages of posts, so it worked for what it was. But one album of music took all night to download. So we mostly just downloaded single mp3s, and satellite was capped so you couldn't download very much a day.

 

When I started using PCs, IE was the most used browser and we needed addons, but there were none in IE, and it was very dangerous to be running XP; you could be infected in 20 minutes after taking a new PC out of the box with a real virus. I soon figured out it was Windows Firewall causing it and started using Sygate firewall with a key I got off the FastTrack network. AVG we called "another virus got by"; that was a different time, when antivirus would only detect a virus after you were infected and it couldn't really remove it, so you just pulled out your DVD and reformatted to get rid of it.

 

Infected in 20 minutes

https://www.theregister.co.uk/2004/08/19/infected_in20_minutes/

 

Windows 98 needed browsers with addons too, because I had a used one, and when I got it, it had adware and spyware in it from the previous owners, who were infected. You could always tell when someone had been looking at porn sites back then: when you used their PC, they would be infected with 1-900 dialers and porn pop-ups. It was a dead giveaway.

 

The History of Spyware

'spyware' was used for the first time publicly in October 1995. It popped up on Usenet (a distributed Internet discussion system in which users post e-mail like messages) in an article aimed at Microsoft's business model. In the years that followed though, spyware often referred to 'snoop equipment' such as tiny, hidden cameras. It re-appeared in a news release for a personal firewall product in early 2000, marking the beginning of the modern usage of the word.

In 1999, Steve Gibson of Gibson Research detected advertising software on his computer and suspected it was actually stealing his confidential information. The so-called adware had been covertly installed and was difficult to remove, so he decided to counter-attack and develop the first ever anti-spyware program, OptOut.

https://www.adaware.com/faq/spyware-history

 

When adware use began roughly in 1995, some industry experts considered all adware to be spyware. Later, as the legitimacy of adware grew, it was thought of as merely a "potentially unwanted program." As such, its use proliferated and not too much was done to monitor its legitimacy. It wasn't until the peak adware years of 2005–2008 when adware vendors started to monitor and shut down questionable activities.

https://www.investopedia.com/terms/a/adware.asp

 

It was not till like 2005 that they started to remove it from the internet. And it's still a problem today. Android inherited many of the old Windows problems, because Android is maintained by an ad company giant.

 

Problems started happening on the internet when Microsoft pushed out IE in an update to Windows 95.



I have been using computers since Dos 4.0. I used windows 3.1 and every windows since then. I used Netscape and then Firefox before it was called Firefox. I tried almost every other browser out there and I always go back to Firefox. I have a Lenovo ThinkCentre, Intel dual core CPU, Windows 8.1 and 8 GB Ram. System Manual Says Max 4 GB Ram (2 x 2Gb) I WILL STAY WITH FIREFOX.



For me, one important thing that sets Firefox apart from Chrome is its customisability.



The firefox code was used by the three-letter agency that is the most important in the world. With that I say everything. I am a firefox user and will continue to be. There is also Cliqz that is really worth trying.



Chrome has the most users not because it is a better browser but because they paid all those companies to install chrome with their programs. I used to be the local tech support for my family, friends, neighbors etc... Every single person would ask me how to get rid of Chrome. I have since moved out of the USA and now because of my advancing age and decreasing memory it is hard to help others.



Archived

This topic is now archived and is closed to further replies.
