Over the past two weeks, Mozilla's security team banned 197 Firefox add-ons that contained malicious code to steal data and not only.
Add-ons were banned and removed from the Mozilla Add-on (AMO) portal to prevent new installations, but were automatically disabled in the browsers of users who had installed them.
Found 129 add-ons developed by 2Ring, and the B2B software vendor. The ban was imposed because the add-ons were downloading and running code from a remote server.
According to Mozilla regulations, add-ons must contain the same code as the one installed by the end-user and must not be dynamic λήψη code from remote locations. Mozilla has now begun to strictly enforce this regulation throughout its ecosystem.
The Firefox company discovered six additional add-ons developed by Tamo Junto Caixa and three add-ons that were considered counterfeit products premium (their names were not given to the public).
Bans were also imposed on illegal data collection by users. Mozilla staff banned an anonymous add-on, WeatherPool and Your Social, Pdfviewer – tools, RoliTrade, and Rolimons Plus
But there were bans on malicious behavior. Mozilla security team has banned 30 add-ons that display various types of malicious behavior.
Mozilla only listed add-on IDs, not their names, so developers can request that the ban be lifted after removing the malicious behavior. One add-on that went through this process was the Like4Like.org Addon, which was initially removed because the security team thought it was collecting and submitting user credentials or social media tokens to another site.
