Over the past two weeks, Mozilla’s add-on review team has banned 197 Firefox add-ons that were caught executing malicious code, stealing user data, or using obfuscation to hide their source code. From a report:
The add-ons have been banned and removed from the Mozilla Add-on (AMO) portal to prevent new installs, but they’ve also been disabled in the browsers of the users who already installed them. The bulk of the ban was levied on 129 add-ons developed by 2Ring, a provider of B2B software. The ban was enforced because the add-ons were downloading and executing code from a remote server. According to Mozilla’s rules, add-ons must self-contain all their code, and not download code dynamically from remote locations.
- Mozilla has recently begun strictly enforcing this rule across its entire add-on ecosystem. A similar ban for downloading and executing remote code in users’ Firefox browsers was also levied against six add-ons developed by Tamo Junto Caixa, and three add-ons that were deemed fake premium products (their names were not shared).