Jump to content

Mozilla Bans Popular YouTube Unblocker Add-On


Recommended Posts

8 months ago I created the following topic here in the forum:

Suspicious files in Firefox Extension Folder
 
Unfortunately ESET didn't answer there and also didn't answer to my submission via ESS at the same time.
 
These files were definitely secretly installed by the Add-On "youtube unblocker".
And this hidden Add-On was continously updated in the background until now.
 
 
See also here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1161259
 

Wow, it looks like FINALLY the culprit of this malware has been found: bug 1251911
(Yes, during the time of this bugreport I actually had YouTube Unblocker installed with version 0.6.12.)
And I was right with my earlier assumption that this hidden add-on/malware has not gotten on the system via some binary but using another add-on. So it actually _IS_ possible to download another add-on via an installed add-on and bypass the "would-you-like-to-install-this-add-on"-message. This is really scary imo!



Mozilla Bans Firefox Add-on That Tampered with Security Settings


"Rogue add-on was altering Firefox security settings"
 
The user analyzed the add-on's source code and found that the extension was altering the browser's default settings by installing a new user.js configuration file.
This file contained options that disabled Firefox's built-in add-on signing feature. This feature prevents the browser from installing unsigned add-ons that have not been tested (and signed/certificated) by Mozilla. Code signing is recent security feature added to Firefox, which Mozilla deemed necessary to prevent situations like these.
With this feature turned off, YouTube Unblocker was downloading another add-on called Adblock Converter, which Avast flagged as malware.
Things got even shadier because this add-on did not appear in Firefox's standard Add-ons page (about:addons), and it re-enabled itself as soon as the user managed to disable it when starting Firefox in Safe Mode.

"The add-on had a history of "bad behavior"

After Mozilla had investigated the user's complaint, YouTube Unblocker was removed from Mozilla's official Add-on portal. When justifying their decision, the Mozilla staff also cited another similar report from June 2015, when the add-on contained self-update code that allowed its operator to update the add-on without going through Mozilla's review process.
The add-on remains available through its homepage. Before being taken down, the add-on was installed on over 250,000 Firefox browsers. Users that want to get rid of the add-on can follow these steps provided by Ghacks.

Edited by User
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...