A little over a month ago, both Google Chrome and Mozilla Firefox removed the Stylish plug-in for logging your browsing history. But Mozilla has apparently continued its efforts to root out nosy browser extensions, and now nearly two dozen more are getting pulled from the Firefox add-on site, ZDNet reports.
This new phase appears to have been spurred by Raymond Hill, developer of AdBlock Origin, who observed in a Reddit post last week that a Firefox add-on called Web Security was sending your browsing history to a mysterious IP address. Prior to its removal, Web Security came highly recommended from Mozilla itself, adding to the drama.
Mozilla rep Jorge Villalobos cites four reasons why the offenders are getting pulled: Suspiciously excessive amounts of data are getting sent to the developer by the add-on, some of that data is sent unencrypted (so anyone snooping on your Internet connection can see this data), the add-on "doesn't clearly disclose this practice," and the programming code in the add-on may even have a few hidden lines that let the developer execute commands on your computer from a remote location.
Remote code execution is normally considered a serious security violation. Microsoft frequently patches Windows to protect users against this specific behavior, and virus scanners regularly check for this sort of thing as part of identifying a piece of malware.
And the rabbit hole goes even deeper: "Multiple add-ons with very different features, and different authors, have the same code. Further inspection reveals they may all be the same person/group."
FOLLOW Download.com on Twitter to keep up with the latest app news.
If you already have one of the offending add-ons installed, Mozilla has disabled them in your browser for security and privacy reasons.
The add-ons and their developers include:
- Web Security
- Browser Security
- Browser Safety
- Popup Blocker Ultimate
- Quick AMZ
- YouTube MP3 Converter
- Simply Search
- Video Downloader
- Pop-Up Blocker Extension
- Facebook Video Downloader
It's tragic when the people we entrust with our privacy and security end up being foxes in the henhouse, but at least Mozilla is rooting out the problem within its add-ons library.
- Mozilla has removed nearly two dozen add-ons for its Firefox browser, apparently spurred by suspicious activity uncovered by the creator of AdBlock Origin.
- These add-ons perform a variety of different functions but may be the creation of a single malicious actor.
- If you have the offending add-ons in your browser, Mozilla has disabled them to protect its users.
- How to beef up your Chrome and Firefox security in 2018
- Dashlane's new Inbox Security Scan can check your emails for malware
- Android malware Sonvpay secretly charges you premium text message fees
- Google pulls kids games containing AdultSwine malware (CNET)
- Windows malware: How to stop your files being wrongly tagged as malicious by Windows Defender ATP (ZDNet)
- 25 Android smartphone models contain severe vulnerabilities off the shelf (TechRepublic)