Search Support

Beware of phishing attacks: Mozilla will never ask you to call a number or visit a non-Mozilla website. Please ignore such requests.

Learn More

ALERT !!!!!!!! Firefox needs to be more secure for the add-ons section.

  • 22 回覆
  • 1 有這個問題
  • 148 次檢視
  • 最近回覆由 ­

more options

Hi, For the add-ons section, I think all the add-ons should be scanned.

=================

it is not my fault that if I download an add-on, it turns out to be a malicious add-on that executes remote codes. You are telling me: "This is not monitored for security through Mozilla's Recommended Extensions program. Make sure you trust it before installing." How can I trust it if I don't know anything about it?? or if it is new? -Most of people here who are downloading add-ons are normal users like me, not people who understand codes and developing.- Read reviews?? Do I understand from you that some people have to sacrifice for us so the rest can know if it is bad or good add-on? And by the way Reading reviews is not enough, For example Few months ago I downloaded a VPN similar to another one, lots of reviews say it is good, so I used it for maybe 1 month then I disabled it and stopped using it. Today I look at it in the disabled add-ons list, I find this message: "VPN has been disabled due to security or stability issues." I read more information about it, it turned out that it was executing remote codes....... That means I shouldn't even trust reviews!! Nothing happened to my firefox browser, but (it may happen) in the future, because of the already executed remote codes or or maybe those codes stole some information about me,....I don't know, but it may get worse who knows what those executed codes do.....

=============================

Now after I provided my (((important))) suggestion, I need an advice please what should I do now?? Should I now reinstall this browser and clean it and remove all of the history? Or change my passwords in ((every site)) I visited?? or what? Thank You Very Much.

由 ­ 於 修改

All Replies (20)

more options

Can you tell us what specific add-ons you are talking about and where you got them?

Helpful?

more options

由 ­ 於 修改

Helpful?

more options

­ said

I got it from this page https://addons.mozilla.org/en-US/firefox/search/?platform=windows&q=vpn

146 results found for "vpn"

FredMcD said

Can you tell us what specific add-ons you are talking about and where you got them?

Helpful?

more options

Sir, in the past when I wrote "vpn" in search bar I could find it in the first list (first page I mean), it had many users, thousands of users but recently, mozilla removed the VPN from the list that is why you can't find it. This is the VPN i am talking about, please look at the screenshot.

由 ­ 於 修改

Helpful?

more options

Have you tried contacting the VPN's support?

Helpful?

more options

Sir, This is a malicious add-on blocked by mozilla and I don't think it has any support, and it is very similar to another VPN, "Hoxx Vpn Proxy". and this is why the add-on was blocked https://blocked.cdn.mozilla.net/7b12233a-69c3-4e98-9337-7df0f010b939.html It is written in that page "These add-ons violate Mozilla’s add-on policies by executing remote code."

========================

Same thing happened with "Dark Reader" Add-on which has the "Recommended", many fake copies were exactly like it, but they had A hidden malicious code. Few days ago mozilla blocked those fake Dark readers. https://darkreader.org/blog/attention/

========================

My question is: after I installed that bad VPN -that took the form of another VPN- and it had an additional malicious code. What do I do now? Re install this browser or clean or change password or what? I don't know what that executed malicious code does, maybe it steals my passwords or get my data....who knows. That is why I am asking what do I do.

由 ­ 於 修改

Helpful?

more options

Helpful?

more options

Alright I will ask there. Thank You For directing me.

Helpful?

more options

Sir, I can't post anything there, I click on create topic then it says "You are not permitted to view the requested resource.".

由 ­ 於 修改

Helpful?

more options

https://discourse.mozilla.org/c/add-ons/add-on-support/111

Sign in.

At the far right, press the +

Helpful?

more options

That is what I already did sir.

由 ­ 於 修改

Helpful?

more options

I called for more help.

Helpful?

more options

If you haven't removed the extension off the Add-ons page, can you pull the extension ID from the Extensions section of the Troubleshooting Information page? That will help with researching it. Either:

  • "3-bar" menu button > "?" Help > Troubleshooting Information
  • (menu bar) Help > Troubleshooting Information
  • type or paste about:support in the address bar and press Enter

Scroll down past "Application Basics" and "Firefox Features" to "Extensions". Then you can select and copy portions of the table that follows using either Ctrl+c or right-click > Copy and then paste it into a reply. (It tends to be a bit messy, but we're used it.)

How Concerned Should You Be?

The fact that an extension injected external script files into pages as you browsed caused an unpredictable situation for reviewers: even if the external script files were perfectly safe on the date of approval, because they could change in the future, a decision was made to remove extensions that used such files.

That doesn't mean the extension you were using was malicious -- for example, a lot of Google Translate extensions were removed simply for injecting Google translation scripts. Also, VPN wasn't the subject of a specific take-down request but one involving dozens that were inconsistent with the new policy, so that doesn't really tell us anything.

If you still have a copy of the old extension on your computer, you could give it to someone to analyze, but the external script files might have changed in the meantime, so, well, you see the problem. It's hard to say whether during the time you used it that extension could have caused any harm to you, such as extracting personal data from pages you visited.

What About Future Choices?

­You said

Hi, For the add-ons section, I think all the add-ons should be scanned.

All extensions are checked during upload by screening software. Manual reviews by humans are very limited except for extensions in the Recommended Extensions program.

You are telling me: "This is not monitored for security through Mozilla's Recommended Extensions program. Make sure you trust it before installing." How can I trust it if I don't know anything about it?? or if it is new?

If you click Learn More and then following the link to the article on "assessing the safety" of an extension, you find this support article: Tips for assessing the safety of an extension. That focuses generally on information displayed to you, such as the privileges the extension requires.

You make a good point about user reviews being incomplete information, but they are important to check nonetheless because at least for the more visible kinds of bad behavior such as injecting unwanted advertising, they provide the quickest "heads up."

Should I now reinstall this browser and clean it and remove all of the history? Or change my passwords in ((every site)) I visited?? or what?

In the worst case scenario that one of your extensions was stealing information from pages you visited, yes, change your passwords. I don't think we have enough information to say that is truly necessary, but we're supposed to do it every so often, so why not now?

Helpful?

more options

VPN 4.5.4 false lite-vpn4.1@gmail.com

==

sir, when you said in the final part "In the worst case scenario......ETC" You meant that the VPN I used is bad And I should change my password now because of it?

由 ­ 於 修改

Helpful?

more options

When I search the ID, there is one thread on a French forum where the user had two different VPN extensions installed, and on each page, their security software complained that Firefox was trying to download a trojan:

https://forum.zebulon.fr/topic/227907-resolu-cheval-de-troie-clogiteccom/

I have no idea whether that was happening on your system. Maybe yes, maybe no. Perhaps if it was happening, your security software blocked it silently?

At this point I suggest running supplemental, on-demand malware cleaners. These do not require a purchase. See: Troubleshoot Firefox issues caused by malware.

My point about changing passwords is IF the worst happened, of course you should change them. However, as I said, I cannot tell you what happened on your system, so you should take the precautions that match your level of concern.

Helpful?

more options

I didn't notice anything weird on my system....except maybe when my desktop sometimes goes pink for 1 second then to comes back to normal...but it is Very very very rare when it happens , probably the problem is with my Screen itself.

==

My level of concern.....hmm, I got used to those passwords and I kept them in my mind, it is like a nightmare to change all of those passwords, in every site, And besides I don't know if that add-on stole some information or harmed the browser or not, I need some more thinking, or I need to contact mozilla staff (the people who blocked the add-on) via this page I guess: https://bugzilla.mozilla.org/show_bug.cgi?id=1633390

==

For the troubleshooting page you which you sent: Where do I go in that page? this is a long page, can you please be specific?

Note: I made a scan using Avast Anti Virus few days ago or maybe 2 weeks ago, and it showed nothing (as usual).

Helpful?

more options

aimbotx12987364 said

For the troubleshooting page you which you sent: Where do I go in that page?

Type about:support in the address bar and press Enter. Under the main banner, press the button; Copy Text To Clipboard.. Now in the Reply Box on the forum page, do a right-click in the box and select Paste.

If the data is too big, do not worry. It's the top part we need to look at.

This will show us your system details. No Personal Information Is Collected.

Helpful?

more options

Sorry for the question sir, but Why do you need my system details?

Helpful?

more options

I think there was a little confusion between the Troubleshooting page in Firefox, and the malware article with Troubleshooting in the title. The malware article suggests well-regarded scanning/cleaning tools. You can use as many or as few as you like to feel comfortable that there's no unwanted software on the system.

Helpful?

more options

I already have avast and it showed nothing. Avast from the official website of course.

Helpful?

  1. 1
  2. 2
問個問題

如果您還沒有帳號,您必須先 登入您的帳號 來回覆文章。請 開始一個新問題