ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Where can I complaint on Firefox extension that harm my website?

  • 10 ردود
  • 3 have this problem
  • 189 views
  • آخر ردّ كتبه John99

more options

Hello

I got feedback from my customers that they were no more able to access some of my websites because of a third party extension they have installed.

Note: I could installed that extension and could confirmed that malicious activity was true.

Where can I complaint about the Firefox extension with malicious intention?

Regards

الحل المُختار

hello, if the addon is hosted at addons.mozilla.org, please use the contact option under "Editorial Concerns" that is described at https://developer.mozilla.org/Add-ons/AMO/Policy/Contact

Read this answer in context 👍 1

All Replies (10)

more options

الحل المُختار

hello, if the addon is hosted at addons.mozilla.org, please use the contact option under "Editorial Concerns" that is described at https://developer.mozilla.org/Add-ons/AMO/Policy/Contact

more options

Thanks so much. I fired a complain for now and looking ahead to hear from Mozilla

more options

What is the extension you are having problems with ? Full name ? version ? and download URL ?

And what are the problems it apparently causes. What are the affected public websites where you observe this issue ? I presume you have tested this extension yourself and confirmed it causes problems ?

If for instance it is an extension designed to block certain content it may just be performing its expected function.

more options

Hello

This is the url of the add-on https://addons.mozilla.org/en-US/firefox/addon/afrowidgets/

The problem here is that, when a user install that extension and visit most of the site under www.afribaba.com like afribaba .cm afribaba .ci afribaba .sn afribaba .ga etc... they are redirected to corresponding site at kerawa .com

www.afribaba.cm redirect to http:// kerawa .com/cameroun-r40 www.afribaba.ci redirect to http:// kerawa .com/cote-d-ivoire-r43 www.afribaba.sn redirect to http:// kerawa .com/senegal-r55 www.afribaba.cd redirect to http:// kerawa .com/congo-kinshasa-r42 and much more sites from afribaba

Note: afribaba and kerawa are just competitors from the same markets and kerawa developers have set up this extension with malicious intention over afribaba.

Please have a look and test it by yourself to see the malicious activity

Regards

Modified by temgo

more options

You could also bring up concerns about this AfroWidgets extension at https://discourse.mozilla-community.org/c/add-ons which is the support forum for the addons.mozilla.org hosting site.

it used to be forums.mozilla.org but it was moved recently.

more options
more options

temgo said

Thanks, it is done at https://discourse.mozilla-community.org/t/complain-about-afrowidgets-firefox-addon-from-kerawa-com/2405

Note that the term Add-ons does not refer to Extensions only but also Themes (complete mainly), Plugins and also search engines and dictionaries.

more options

Update. Note: The addon was rejected. No longer hosted at https://addons.mozilla.org/firefox/addon/afrowidgets/

more options

I am not sure the problem is fix

It appears Firefox is allowing any external malicious script be installed.

We can still have it here https:// kerawa .com //rss_widget/browser-extensions/firefox/afrowidgets1.6.xpi

As they are forcing they customers to install it after a visit

So obviously, the problem is not fix

After spying their extension, I can see that this is the intentional redirection they are doing (all sites from www.afribaba.com)

from ../resources/afrowidgets/data/js/redirection/config.js

{siteURL: 'afribaba.cd', targetURL: 'kerawa .com /congo-kinshasa-r42', }, {siteURL: 'afribaba.ci', targetURL: 'kerawa .com /cote-divoire-r43', }, {siteURL: 'afribaba.co.ke', targetURL: 'kerawa .com /kenya-r46', }, {siteURL: 'afribaba.cm', targetURL: 'kerawa .com /cameroun-r40', }, {siteURL: 'afribaba.sn', targetURL: 'kerawa .com /senegal-r55', }, {siteURL: 'afribaba.ga', targetURL: 'kerawa .com', }, {siteURL: 'afribaba.info', targetURL: 'kerawa .com', }, {siteURL: 'facebook.com/afribaba', targetURL: 'facebook .com/WaribaOnline', }, {siteURL: 'mercannunci.', targetURL: 'kerawa .com', }, {siteURL: 'mercanuncios.pt', targetURL: 'kerawa .com', },

So they are using window.location.hostname to do the redirections

Regards

Modified by temgo

more options

They are free to impose whatever conditions they wish on their own customers. However as I commented in the other forum there are plans to only allow signed add-ons in future versions of Firefox. That should help.

In very extreme cases add-ons may be blocklisted but there are many conditions to be met for that to be considered, basically I think the add-on must be harmfull AND not do as advertised. You would need to file a bug for that, but first of all you would do best to raise the matter in the add-ons forum. This support forum is not the best place.

I am on a mobile but will try to post more information later this weekend, when I have bookmarks available and can find the conditions for blocklisting.