Over the past two weeks, Mozilla security team banned 197 Firefox add-ons that contained malicious code for data theft and more.
Add-ons were banned and removed from the Mozilla Add-on (AMO) portal to prevent new installations, but were automatically disabled in the browsers of users who had installed them.
Found 129 add-ons developed by 2Ring, and the B2B software vendor. The ban was imposed because the add-ons were downloading and running code from a remote server.
According to Mozilla regulations, add-ons must contain the same code as the end-user and must not download code dynamically from remote locations. Mozilla has now begun to strictly enforce this regulation throughout its ecosystem.
The Firefox company discovered six additional add-ons developed by Tamo Junto Caixa and three add-ons that were considered fake premium products (their names were not given to the public).
Prohibitions were also imposed on the illegal collection of data by users. Mozilla staff have banned an anonymous add-on, WeatherPool and Your Social, Pdfviewer - tools, RoliTrade, and Rolimons Plus
But there were bans on malicious behavior. Mozilla security team has banned 30 add-ons that display various types of malicious behavior.
Mozilla only listed add-on IDs, not their names, so developers can request that the ban be lifted after removing the malicious behavior. One add-on that went through this process was the Like4Like.org Addon, which was initially removed because the security team thought it was collecting and submitting user credentials or social media tokens to another site.