Results 1 to 4 of 4

Thread: A wave of malware add-ons hit the Mozilla Firefox Extensions Store

  1. #1
    Join Date
    Sep 2013
    Location
    Norfolk, UK
    Posts
    1,140

    Default A wave of malware add-ons hit the Mozilla Firefox Extensions Store

    Firefox users beware... Although these ones are somewhat easy to spot as suspect.

    https://www.ghacks.net/2019/05/29/an...ensions-store/
    Regards, Paul

    Tumbleweed (Snapshot: 20190713) KDE Plasma 5
    Leap 15.0 KDE Plasma 5
    [Non-Tumbling Tumblweed (20150508) KDE 4 - Resurrected]

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,173
    Blog Entries
    3

    Default Re: A wave of malware add-ons hit the Mozilla Firefox Extensions Store

    Interesting. Thanks.

    I try to keep to a very small set of extensions, so I'm not too likely to load a bad one.

    Isn't the extension signing supposed to prevent this? Or is this a reaction to the extension bug, which caused people to turn off verification?
    openSUSE Leap 15.1; KDE Plasma 5;

  3. #3
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,806
    Blog Entries
    1

    Default Re: A wave of malware add-ons hit the Mozilla Firefox Extensions Store

    Mozilla switched from a "review first, publish second" to a "publish first, review second" model in 2017. Any extension uploaded to Mozilla AMO that passes automated checks is published first with the exception of extensions of the Firefox Recommended Extensions program.
    I don't know what the Firefox Store Developer requirements are, the likely problem for Firefox more than Google and other browser "stores" is that as a largely community project, it may not have the resources to at least do a superficial code-check when Extensions are uploaded to the store and maybe Developer verification may be practically non-existent as well (assuming that code signing is enforced, then the Developer's identity should be easily revealed). I don't advocate proper identification for most things on the Internet, but there really isn't any way to get around its necessity when it comes to writing Code others will use.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  4. #4
    Join Date
    Sep 2013
    Location
    Norfolk, UK
    Posts
    1,140

    Default Re: A wave of malware add-ons hit the Mozilla Firefox Extensions Store

    Quote Originally Posted by tsu2 View Post
    I don't know what the Firefox Store Developer requirements are ...
    Basically anyone is able to create, sign and upload an extension...

    You agree to abide by the rules: https://developer.mozilla.org/en-US/...licy/Agreement

    Create your extension...

    Go through the signing and submission process: https://developer.mozilla.org/en-US/...s/Distribution https://developer.mozilla.org/en-US/...ting_an_add-on

    ... and that's it, all done and dusted.

    Previously all add-ons were reviewed before they were published, however owing mainly to limited reviewer resources large delays often occurred, much to the wrath of the authors awaiting publication...
    Regards, Paul

    Tumbleweed (Snapshot: 20190713) KDE Plasma 5
    Leap 15.0 KDE Plasma 5
    [Non-Tumbling Tumblweed (20150508) KDE 4 - Resurrected]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •