Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Data Breach

Mozilla banned hundreds of malicious Firefox add-ons over the last weeks

Mozilla is intensifying the efforts to protect its users, in the last couple of weeks, the security staff has banned 200 malicious Firefox add-ons. Over the past two weeks, Mozilla has reviewed and banned 197 Firefox add-ons because they were executing malicious code. The malicious Firefox add-ons were found stealing user data and for this […]

Mozilla Firefox

Mozilla is intensifying the efforts to protect its users, in the last couple of weeks, the security staff has banned 200 malicious Firefox add-ons.

Over the past two weeks, Mozilla has reviewed and banned 197 Firefox add-ons because they were executing malicious code. The malicious Firefox add-ons were found stealing user data and for this reason, they were removed from the Mozilla Add-on (AMO) portal.

Mozilla also disabled the malicious add-ons in the browsers of the users who have already installed them.

The apps were using obfuscation to hide their source code and were downloading and executing code from a remote server, a behavior that violates the policy of the portal. Downloading code from a remote server could allow threat actors to execute malicious code within the browser once it will be dynamically downloaded from a server under their control.

Mozilla banned 14 Firefox add-ons ([1], [2]. [3]) because they were using obfuscated code and potentially hiding malicious code.

Most of the banned apps have been developed by 2Ring, a provider of B2B software.

Mozilla banned for the same reason six Firefox add-ons developed by Tamo Junto Caixa, and three add-ons that were fake premium products.

Mozilla also banned an unnamed add-onWeatherPool and Your SocialPdfviewer – toolsRoliTrade, and Rolimons Plus for collecting user data without consent.

The organization also banned for malicious behavior other 30 add-ons.

Firefox also reported the case of an add-on named Fake Youtube Downloader was spotted attempting to install a malware in users’ browsers.

Mozilla also banned Firefox Add-ons like EasySearch for Firefox, EasyZipTab, ConvertToPDF, and FlixTab Search were for intercepting and collecting user search terms, a behavior that violates the rules.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Mozilla, Firefox)

[adrotate banner=”5″]

[adrotate banner=”13″]