Where can I complaint on Firefox extension that harm my website?
Hello
I got feedback from my customers that they were no more able to access some of my websites because of a third party extension they have installed.
Note: I could installed that extension and could confirmed that malicious activity was true.
Where can I complaint about the Firefox extension with malicious intention?
Regards
Giải pháp được chọn
hello, if the addon is hosted at addons.mozilla.org, please use the contact option under "Editorial Concerns" that is described at https://developer.mozilla.org/Add-ons/AMO/Policy/Contact
Đọc câu trả lời này trong ngữ cảnh 👍 1Tất cả các câu trả lời (10)
Giải pháp được chọn
hello, if the addon is hosted at addons.mozilla.org, please use the contact option under "Editorial Concerns" that is described at https://developer.mozilla.org/Add-ons/AMO/Policy/Contact
Thanks so much. I fired a complain for now and looking ahead to hear from Mozilla
What is the extension you are having problems with ? Full name ? version ? and download URL ?
And what are the problems it apparently causes. What are the affected public websites where you observe this issue ? I presume you have tested this extension yourself and confirmed it causes problems ?
If for instance it is an extension designed to block certain content it may just be performing its expected function.
Hello
This is the url of the add-on https://addons.mozilla.org/en-US/firefox/addon/afrowidgets/
The problem here is that, when a user install that extension and visit most of the site under www.afribaba.com like afribaba .cm afribaba .ci afribaba .sn afribaba .ga etc... they are redirected to corresponding site at kerawa .com
www.afribaba.cm redirect to http:// kerawa .com/cameroun-r40 www.afribaba.ci redirect to http:// kerawa .com/cote-d-ivoire-r43 www.afribaba.sn redirect to http:// kerawa .com/senegal-r55 www.afribaba.cd redirect to http:// kerawa .com/congo-kinshasa-r42 and much more sites from afribaba
Note: afribaba and kerawa are just competitors from the same markets and kerawa developers have set up this extension with malicious intention over afribaba.
Please have a look and test it by yourself to see the malicious activity
Regards
Được chỉnh sửa bởi temgo vào
You could also bring up concerns about this AfroWidgets extension at https://discourse.mozilla-community.org/c/add-ons which is the support forum for the addons.mozilla.org hosting site.
it used to be forums.mozilla.org but it was moved recently.
temgo said
Thanks, it is done at https://discourse.mozilla-community.org/t/complain-about-afrowidgets-firefox-addon-from-kerawa-com/2405
Note that the term Add-ons does not refer to Extensions only but also Themes (complete mainly), Plugins and also search engines and dictionaries.
Update. Note: The addon was rejected. No longer hosted at https://addons.mozilla.org/firefox/addon/afrowidgets/
I am not sure the problem is fix
It appears Firefox is allowing any external malicious script be installed.
We can still have it here https:// kerawa .com //rss_widget/browser-extensions/firefox/afrowidgets1.6.xpi
As they are forcing they customers to install it after a visit
So obviously, the problem is not fix
After spying their extension, I can see that this is the intentional redirection they are doing (all sites from www.afribaba.com)
from ../resources/afrowidgets/data/js/redirection/config.js
{siteURL: 'afribaba.cd', targetURL: 'kerawa .com /congo-kinshasa-r42', }, {siteURL: 'afribaba.ci', targetURL: 'kerawa .com /cote-divoire-r43', }, {siteURL: 'afribaba.co.ke', targetURL: 'kerawa .com /kenya-r46', }, {siteURL: 'afribaba.cm', targetURL: 'kerawa .com /cameroun-r40', }, {siteURL: 'afribaba.sn', targetURL: 'kerawa .com /senegal-r55', }, {siteURL: 'afribaba.ga', targetURL: 'kerawa .com', }, {siteURL: 'afribaba.info', targetURL: 'kerawa .com', }, {siteURL: 'facebook.com/afribaba', targetURL: 'facebook .com/WaribaOnline', }, {siteURL: 'mercannunci.', targetURL: 'kerawa .com', }, {siteURL: 'mercanuncios.pt', targetURL: 'kerawa .com', },
So they are using window.location.hostname to do the redirections
Regards
Được chỉnh sửa bởi temgo vào
They are free to impose whatever conditions they wish on their own customers. However as I commented in the other forum there are plans to only allow signed add-ons in future versions of Firefox. That should help.
In very extreme cases add-ons may be blocklisted but there are many conditions to be met for that to be considered, basically I think the add-on must be harmfull AND not do as advertised. You would need to file a bug for that, but first of all you would do best to raise the matter in the add-ons forum. This support forum is not the best place.
I am on a mobile but will try to post more information later this weekend, when I have bookmarks available and can find the conditions for blocklisting.