• Security researchers uncover network of malicious Firefox extensions

    From will@will@kearney.net to alt.comp.software.firefox on Wed Jul 16 10:18:44 2025
    From Newsgroup: alt.comp.software.firefox

    There is a list of many of these bummer malware extensions on this page

    https://www.ghacks.net/2025/07/09/security-researchers-uncover-network-of-malicious-firefox-extensions/
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Andy Burns@usenet@andyburns.uk to alt.comp.software.firefox on Wed Jul 16 16:32:41 2025

    will@kearney.net wrote:

    > There is a list of many of these bummer malware extensions on this page
    >
    > https://www.ghacks.net/2025/07/09/security-researchers-uncover-network-of-malicious-firefox-extensions/

    I sampled a few against the "reviewed by mozilla" add-ons lookup and
    none were reviewed, if you ignore the warning

    "This add-on is not actively monitored for security
    by Mozilla. Make sure you trust it before installing."

    you deserve what you get ...

  • From Dave Royal@dave@dave123royal.com to alt.comp.software.firefox on Wed Jul 16 16:33:10 2025

    will@kearney.net Wrote in message:

    > There is a list of many of these bummer malware extensions on this page
    >
    > <https://www.ghacks.net/2025/07/09/security-researchers-uncover-network-of-malicious-firefox-extensions/>

    Koi Security also just published lists of compromised Chrome
    Extensions: <https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5>

    I expect many are the same.
    --
    Remove numerics from my email address.
  • From Dave Royal@dave@dave123royal.com to alt.comp.software.firefox on Wed Jul 16 17:02:24 2025

    Andy Burns <usenet@andyburns.uk> Wrote in message:

    > will@kearney.net wrote:
    >
    >> There is a list of many of these bummer malware extensions on this page
    >>
    >> https://www.ghacks.net/2025/07/09/security-researchers-uncover-network-of-malicious-firefox-extensions/
    >
    > I sampled a few against the "reviewed by mozilla" add-ons lookup and
    > none were reviewed, if you ignore the warning
    >
    > "This add-on is not actively monitored for security
    > by Mozilla. Make sure you trust it before installing."

    I /think/ that the only add-ons that don't have that warning are
    'Recommended' ones and those written by Firefox. <https://support.mozilla.org/en-US/kb/add-on-badges>

    Can you find any exceptions? Presumably addons with few users will
    not be _actively monitored_ so will always carry that warning.

    All addons are scanned when uploaded or updated. At least one of
    mine has been subsequently reviewed by a human. (It failed!)
    --
    Remove numerics from my email address.
  • From not@not@telling.you.invalid (Computer Nerd Kev) to alt.comp.software.firefox on Thu Jul 17 09:38:33 2025

    Andy Burns <usenet@andyburns.uk> wrote:

    > will@kearney.net wrote:
    >
    >> There is a list of many of these bummer malware extensions on this page
    >>
    >> https://www.ghacks.net/2025/07/09/security-researchers-uncover-network-of-malicious-firefox-extensions/
    >
    > I sampled a few against the "reviewed by mozilla" add-ons lookup and
    > none were reviewed, if you ignore the warning
    >
    > "This add-on is not actively monitored for security
    > by Mozilla. Make sure you trust it before installing."
    >
    > you deserve what you get ...

    Well yes for cryptocurrency wallets, which the affected extensions
    were, trusting any old software (browser extension or otherwise) is
    obviously ill-advised.

    Less obvious ones do exist too. A relative once presented me with
    a Chrome browser which randomly opened tabs at porn sites while
    browsing (yes really, that wasn't just his excuse!). It turned out
    to be an innocent-looking "notepad" extension doing that.

    Still, much better than being locked into only having the
    functionality which browser developers build in or approve.
    --
    __ __
    #_ < |\| |< _#