Mozilla's add-on review team has banned close to 197 Firefox add-ons that were caught executing malicious code, stealing user data, or using obfuscation to hide their source code, over the past few weeks.
The add-ons have not only been banned and removed from the Mozilla Add-on (AMO) portal to prevent new installs, but they have also been disabled in the browsers of the users who already installed them.
The bulk of the ban was levied on 129 add-ons developed by 2Ring, a provider of B2B software. The ban was enforced because the add-ons were downloading and executing code from a remote server.
According to Mozilla's rules, add-ons must self-contain all their code, and not download code dynamically from remote locations. Mozilla has recently begun strictly enforcing this rule across its entire add-on ecosystem.
A similar ban for downloading and executing remote code in users' Firefox browsers was also levied against six add-ons developed by Tamo Junto Caixa, and three add-ons, whose names have not been disclosed, were deemed fake premium products.
Bans were also levied for illegally collecting user data. Mozilla staff banned an unnamed add-on, WeatherPool and Your Social, Pdfviewer - tools, RoliTrade, and Rolimons Plus.
But there were also bans for malicious behaviour. Mozilla reviewers banned 30 add-ons that exhibited various types of malicious behaviour.
Mozilla listed only the add-on IDs, not their names, so add-on developers can appeal the ban and remove the malicious behavior. One add-on who passed the appeal process was the Like4Like.org Addon, initially believed to be collecting and submitting user credentials or tokens of social media websites to another website.
Other shady behaviour was spotted in the FromDocToPDF add-on, which Mozilla engineers said was loading remote content into Firefox's new tab page.
A Firefox add-on named Fake Youtube Downloader was also banned for attempting to install other malware in users' browsers.
Add-ons like EasySearch for Firefox, EasyZipTab, FlixTab, ConvertToPDF, and FlixTab Search were banned for intercepting and collecting user search terms, a clearly bannable offense.
Last, but not least, Mozilla's security staff also banned a batch of two, nine, and three add-ons that were caught using obfuscated code, a technique through which add-on developers make their code hard to read, for the purpose of hiding malicious behaviour.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.