The Mozilla Foundation has removed an add-on from the recommended browser add-on list in Firefox’s official blog after a German security researcher Mike Kuketz discovered the software was secretly logging browser histories. The add-on is described as a service that offers extensive real-time protection.
The add-on was found to be tracking users web activity and sending data back to remote servers over unencrypted HTTP channel located in Germany. This could potentially expose users to Man-in-The-Middle attacks and spying. Web Security add-on was removed for unwarranted tracking. Upon further inspection, multiple add-ons with different features were found to run the same code, and action against these has also been taken. Later, 23 more add-ons were wiped out and disabled. All of these add-ons were suspected to be of the same person/group.
Another Reddit user suggested that there are a lot of add-ons that are collecting user’s page visits, however, when it comes to Web Security the Add-on has been sending a lot of masked data even after a user visits a domain over an unencrypted connection.
Mozilla engineer Jorge Villalobos explained in a Bugzilla update that action against these add-ons was taken not because they checked visited web pages, but that it sent more data than what seemed necessary to operate, and that some data was sent unsafely.
The add-on was developed by a German firm named Creative Software Solutions, it has over 220,000 installs and an overall rating of 4.5 of 5. The original collection included 14 add-ons which relate to privacy and security.
Raymond, uBlock Origin Developer (gorhill4) said:
“With this extension, I see that for every page you load in your browser, there is a POST to http://126.96.36.199/. The posted data is garbled, maybe someone will have the time to investigate further.”
All of the add-ons removed by Mozilla have been listed by ID number and some of the more popular ones include Browser Security, SmartTube, Popup Blocker Ultimate, DirtyLittleHelpers, YTTools and Quick AMZ.