The last two weeks, the team security Mozilla banned 197 of its add-ons Firefox, which contained malicious code for data theft and more.
Add-ons were banned and removed from the Mozilla Add-on (AMO) portal to prevent new installations, but were also automatically disabled in programs tourof the users who had installed them.
Found 129 add-ons developed by the 2Ring company, and the supplier software B2B. The ban was imposed because the plugins were downloading and running code from a remote server.
According to Mozilla regulations, add-ons must contain the same code as the end-user and must not download code dynamically from remote locations. Mozilla has now begun to strictly enforce this regulation throughout its ecosystem.
The Firefox company discovered six additional add-ons developed by Tamo Junto Caixa and three add-ons that were considered counterfeit products premium (their names were not given to the public).
Prohibitions were also imposed on the illegal collection of data by users. Mozilla staff have banned an anonymous add-on, WeatherPool and Your Social, Pdfviewer - tools, RoliTrade, and Rolimons Plus
But there were bans on malicious behavior. Mozilla security team has banned 30 add-ons that display various types of malicious behavior.
Mozilla only listed add-on IDs, not their names, so developers can request that the ban be lifted after removing the malicious behavior. One add-on that went through this process was the Like4Like.org Addon, which was initially removed because the security team thought it was collecting and submitting user credentials or social media tokens to another site.