Today, Mozilla removed (23) twenty-three Firefox extensions that spied on users of the browser, collected information and sent to a remote server.
Rob heard of the possible problem via a message on one of the Reddit forums and decided to investigate whether the extension really was in the neighborhood problems. It did not take long before the technician discovered that not only that person collected information from users, but 22 other extensions in the Firefox store shared the same malicious code.
According to Wu, malicious code was found in extensions divided into two categories: while one type of navigational data was collected, sending each address visited by the user to a remote server, a second type, in addition to data collection, permission to execute external code, allowing the extension developer full access to the machine of everyone who had it installed.
The best known of these extensions (and that was the focus of the research) is Web Security. Used by more than 220,000 users, it ironically sold itself as a tool to ensure the security of the user's data.
Mozilla has not provided the full list of the name of these failed extensions (only the ID of each of them), but there are several that are used for data protection (in addition to Web security, the list also includes Browser protection, Browser privacy and Browser security) and blocking ads (Popup-Blocker, Popup-Blocker Pro and YouTube Adblocker)
Mozilla has not only removed the 23 Firefox store extensions, but has already disabled them for all computers on which they were installed. If you enter your browser settings, you will see a message that the extension has been disabled for security reasons.
Source: Bleeping Computer
Enter your e-mail address on Canaltech to receive daily updates with the latest news from the world of technology.