Over the past two weeks, Mozilla has reviewed and banned 197 Firefox add-ons because they were executing malicious code. The malicious Firefox add-ons were found stealing user data and for this reason, they were removed from the Mozilla Add-on (AMO) portal.
Mozilla also disabled the malicious add-ons in the browsers of the users who have already installed them.
The apps were using obfuscation to hide their source code and were downloading and executing code from a remote server, a behavior that violates the policy of the portal. Downloading code from a remote server could allow threat actors to execute malicious code within the browser once it will be dynamically downloaded from a server under their control.
Mozilla banned 14 Firefox add-ons ([1], [2]. [3]) because they were using obfuscated code and potentially hiding malicious code.
Most of the banned apps have been developed by 2Ring, a provider of B2B software.
Mozilla banned for the same reason six Firefox add-ons developed by Tamo Junto Caixa, and three add-ons that were fake premium products.
Mozilla also banned an unnamed add-on, WeatherPool and Your Social, Pdfviewer – tools, RoliTrade, and Rolimons Plus for collecting user data without consent.
The organization also banned for malicious behavior other 30 add-ons.
Firefox also reported the case of an add-on named Fake Youtube Downloader was spotted attempting to install a malware in users’ browsers.
Mozilla also banned Firefox Add-ons like EasySearch for Firefox, EasyZipTab, ConvertToPDF, and FlixTab Search were for intercepting and collecting user search terms, a behavior that violates the rules.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Mozilla, Firefox)
[adrotate banner=”5″]
[adrotate banner=”13″]
Threat actors exploit recently disclosed Ivanti Connect Secure (ICS) vulnerabilities to deploy the Mirai botnet.…
Cybersecurity firm Zscaler is investigating claims of a data breach after hackers offered access to…
Two high-severity vulnerabilities in BIG-IP Next Central Manager can be exploited to gain admin control…
The LockBit ransomware group has added the City of Wichita to its Tor leak site…
TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’…
Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to…
This website uses cookies.