Over the past two weeks, Mozilla security team banned 197 Firefox add-ons that contained malicious code for data theft and more.
Add-ons were banned and removed from the Mozilla portal Add-on (AMO) to prevent new installations, but they were automatically disabled in programs as well tourof the users who had installed them.
Found 129 add-ons developed by 2Ring, and the B2B software vendor. The ban was imposed because the add-ons were downloading and running code from a remote server.
According to Mozilla regulations, add-ons must contain the same code as the end-user and must not download code dynamically from remote locations. Mozilla has now begun to strictly enforce this regulation throughout its ecosystem.
The Firefox company discovered six additional add-ons developed by Tamo Junto Caixa and three add-ons that were considered fake premium products (their names were not given to the public).
Bans were also imposed on illegal data collection by users. Mozilla staff banned an anonymous add-on, WeatherPool and Your Social, Pdfviewer – tools, RoliTrade, and Rolimons Plus
But there were bans on malicious behavior. Mozilla security team has banned 30 add-ons that display various types of malicious behavior.
Mozilla only reported the add-on IDs, not their names, so their developers can request the ban be lifted after removing the malicious behavior. One addon that went through this process was the Like4Like.org Addon, which was initially removed because the security team believed it was collecting and submitting user credentials or tokens. social media on another site.