25 January 20, 11:02
(This post was last modified: 25 January 20, 11:02 by silversurfer.)
Quote:Over the past two weeks, Mozilla's add-on review team has banned 197 Firefox add-ons that were caught executing malicious code, stealing user data, or using obfuscation to hide their source code.
The add-ons have been banned and removed from the Mozilla Add-on (AMO) portal to prevent new installs, but they've also been disabled in the browsers of the users who already installed them.
The bulk of the ban was levied on 129 add-ons developed by 2Ring, a provider of B2B software. The ban was enforced because the add-ons were downloading and executing code from a remote server.
According to Mozilla's rules, add-ons must self-contain all their code, and not download code dynamically from remote locations. Mozilla has recently begun strictly enforcing this rule across its entire add-on ecosystem.
A similar ban for downloading and executing remote code in users' Firefox browsers was also levied against six add-ons developed by Tamo Junto Caixa, and three add-ons that were deemed fake premium products (their names were not shared).
Bans were also levied for illegally collecting user data. Mozilla staff banned an unnamed add-on, WeatherPool and Your Social, Pdfviewer - tools, RoliTrade, and Rolimons Plus.
But there were also bans for malicious behavior. Mozilla reviewers banned 30 add-ons that exhibited various types of malicious behavior.
Mozilla listed only the add-on IDs, not their names, so add-on developers can appeal the ban and remove the malicious behavior. One add-on who passed the appeal process was the Like4Like.org Addon, initially believed to be collecting and submitting user credentials or tokens of social media websites to another website.
Read more: https://www.zdnet.com/article/mozilla-ha...two-weeks/