Mozilla's security staff has identified 197 Firefox addons that were found to be stealing user data or executing malicious codes.
As part of a security drive, Mozilla administrators identified multiple addons with hidden features, along with a number that were deemed unsafe for user privacy and security.
The affected extensions have now been deleted from the Firefox portal and also disabled in the browsers of users who already have them installed.
- Google to charge government agencies for user data
- The best Mozilla Firefox VPN 2020
- Google Cloud is now able to store all your secrets
In the exercise, Mozilla discovered that 129 add-ons from a B2B software provider 2Ring and 6 from Tamo Junto Caixa were executing an unknown remote code. Add-ons like WeatherPool and Your Social, Pdfviewer - tools, RoliTrade, and Rolimons Plus were banned for collecting user data without consent. The team also banned close to 30 add-ons found to be running malicious data.
Among the other add-ons which were blocked are EasySearch for Firefox, EasyZipTab, FlixTab, ConvertToPDF, and FlixTab Search and a handful of others which were found to be collecting critical user data like search terms. Add-ons like Fake Youtube Downloader and FromDocToPDF were found either loading remote content on the browser page or were looking to install malware apps.
Mozilla’s Add-on policies call out the need of an explicit user consent before collecting any data. It also states that add-ons need to be self-constrained and remote code execution is not allowed. Any non-compliance of the policies warrants a decommission - although developers do have a right to set an appeal to reconsider the ban.
- Keep your online browsing private with the best VPN of 2020