Mozilla's security staff has identified 197 Firefox addons that were found to be stealing user data or executing malicious codes.
As part of a security drive, Mozilla administrators identified multiple addons with hidden features, along with a number that were deemed unsafe for user privacy and security.
- Google to charge government agencies for user data
- The best Mozilla Firefox VPN 2020
- Google Cloud is now able to store all your secrets
Blocked
In the exercise, Mozilla discovered that 129 add-ons from a B2B software provider 2Ring and 6 from Tamo Junto Caixa were executing an unknown remote code. Add-ons like WeatherPool and Your Social, Pdfviewer - tools, RoliTrade, and Rolimons Plus were banned for collecting user data without consent. The team also banned close to 30 add-ons found to be running malicious data.
Among the other add-ons which were blocked are EasySearch for Firefox, EasyZipTab, FlixTab, ConvertToPDF, and FlixTab Search and a handful of others which were found to be collecting critical user data like search terms. Add-ons like Fake Youtube Downloader and FromDocToPDF were found either loading remote content on the browser page or were looking to install malware apps.
Mozilla’s Add-on policies call out the need of an explicit user consent before collecting any data. It also states that add-ons need to be self-constrained and remote code execution is not allowed. Any non-compliance of the policies warrants a decommission - although developers do have a right to set an appeal to reconsider the ban.
- Keep your online browsing private with the best VPN of 2020
Via ZDNet
