MozillaZine

Recommended Extensions.

Discussion about official Mozilla Firefox builds
streetwolf

User avatar
 
Posts: 2431
Joined: August 21st, 2011, 8:07 am
Location: NJ (USA)

Post Posted September 18th, 2019, 10:23 am

Looks like 99+% of Extensions are no longer being vetted except for the Recommended ones. This kind of opens the door for maliciousness don't you think?

Recommended Extensions program | Firefox Help
Intel Core i9-9900K@5.1GHz | Gigabyte Z390 AORUS MASTER | Corsair 1000W PSU | Corsair H115i CPU Cooler | Corsair 32GB RAM | EVGA RTX 2080 Ti FTW3 11GB | BenQ PD3200U 32" 4K LCD | 3-512GB Samsung 970 PRO NVMe | 2TB Samsung 860 EVO | 1TB Sabrent Rocket NVMe| Windows 10 Pro | FIOS 1Gb

therube

User avatar
 
Posts: 20061
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted September 18th, 2019, 1:06 pm

Certainly.

But they don't care.
https://blocked.cdn.mozilla.net/

Oh, & as far as "blocking" (removal) is concerned, unless someone happens to report that an extension is doing something malicious, no one is ever the wiser. So if you don't (report) & I don't (report) ... (Not to mention that we have to understand that something is not right.)


AdGuard reporting 2 Fake Adbockers AdBlock and UBlock
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Mouse4
 
Posts: 655
Joined: December 27th, 2017, 4:03 am
Location: Australia

Post Posted September 18th, 2019, 5:02 pm

i think you pretty much summed it up, Mozila really dont care , i guess you could ask, why did Mozilla bother doing webextension? why not just leave XUL there

bjherbison
 
Posts: 862
Joined: October 6th, 2003, 5:40 am
Location: Bolton, MA, US

Post Posted September 19th, 2019, 2:15 am

streetwolf wrote:Looks like 99+% of Extensions are no longer being vetted except for the Recommended ones. This kind of opens the door for maliciousness don't you think?

I'm not sure how you reach that conclusion. There was no reduction in the resources to review add-ons when the Recommended program was created. In fact a new person started doing code reviews recently. The statements on the page just reflect a risk to users that has existed for a while.

The big change happened years ago when full code review before listing add-ons went away. (I don't know the date--I wasn't involved in add-on reviews at that time.)

therube wrote:Oh, & as far as "blocking" (removal) is concerned, unless someone happens to report that an extension is doing something malicious, no one is ever the wiser.

A report is useful when something slips by, but every new add-on gets at least a quick review before being available on addons.mozilla.org. There is a 24-hour delay in new listings to allow this to happen. This was a change made a few months ago, mostly in response to dozens of fake "Flash Player" add-ons (and the same malware under different names) being listed daily. In the weeks just before the change I spent hours daily (even on vacations) rejecting fake flask players.

Code reviews don't happen in that time frame (as they haven't for a long time) but if someone submits known malware it gets caught. I rejected several malicious add-ons yesterday.

(I'm one of the volunteers who helps review add-ons. My primary role is to encourage better descriptions, but i also weed out some add-ons that don't meet the requirement for listing--including any malware I identify. Anything that claims to be "Flash Player" is an easy rejection.)

Edit: adding a missing quote.

morat
 
Posts: 3441
Joined: February 3rd, 2009, 6:29 pm

Post Posted September 19th, 2019, 6:23 am

I wish browser companies didn't allow extensions that use obfuscated and minified code. Even if the developer has a link to the code on GitHub, many times it's really old code.

I really don't trust nativeMessaging extensions like...

Open in VLC media player
http://addons.mozilla.org/firefox/addon/793037

Mozilla wrote:Please note that Mozilla has not vetted or reviewed the complementary app. You should approach the installation of the complementary app with the same caution you would apply when installing any third party software from the internet.

Exchange messages with programs other than Firefox
http://support.mozilla.org/en-US/kb/per ... an-firefox

streetwolf

User avatar
 
Posts: 2431
Joined: August 21st, 2011, 8:07 am
Location: NJ (USA)

Post Posted September 19th, 2019, 7:34 am

Based on what I read and my interpretation only Recommended Extensions are examined thoroughly. It even says that non-Recommended extensions should be used with caution. As you can see for yourself there aren't many Recommended Extensions at the moment. Maybe 50 or so.
Intel Core i9-9900K@5.1GHz | Gigabyte Z390 AORUS MASTER | Corsair 1000W PSU | Corsair H115i CPU Cooler | Corsair 32GB RAM | EVGA RTX 2080 Ti FTW3 11GB | BenQ PD3200U 32" 4K LCD | 3-512GB Samsung 970 PRO NVMe | 2TB Samsung 860 EVO | 1TB Sabrent Rocket NVMe| Windows 10 Pro | FIOS 1Gb

DN123ABC
 
Posts: 495
Joined: January 9th, 2017, 10:10 am

Post Posted September 19th, 2019, 7:38 am

Here's what I get from Nightly Tester Tools:

Adblock Plus - free ad blocker 3.6.3
Amazon.com 1.1
Bing 1.0
Disable HTML5 Autoplay 2018.10.3
Dormancy 3.4.3 [DISABLED]
DuckDuckGo 1.0
Duplicate Tabs Closer 3.4.1 [DISABLED]
Firefox Lightbeam 2.1.0 [DISABLED]
Forecastfox (fix version) 4.23 [DISABLED]
Google 1.0
HTTPS Everywhere 2017.10.4.1337 [DISABLED]
Nightly Tester Tools 4.0
NoScript 11.0.3rc3
S3.Translator 6.19 [DISABLED]
Tab Counter 0.4.1
Tabliss 1.18.2
Tabs manager 1.7
Twitter 1.0
Wikipedia (en) 1.0
eBay 1.0

morat
 
Posts: 3441
Joined: February 3rd, 2009, 6:29 pm

Post Posted September 19th, 2019, 12:29 pm


therube

User avatar
 
Posts: 20061
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted September 19th, 2019, 12:45 pm

(Only 1 year ago) Tim made some very good comments, https://forums.informaction.com/viewtopic.php?p=98476.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

therube

User avatar
 
Posts: 20061
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted September 19th, 2019, 12:49 pm

____________ is a Recommended extension

Fill in the blank.
When there is nothing worthwhile, & you "recommend", well, you take what you can get.

Oh, & then were the times that "they" (some Mozilla blog writer) "recommended" malware.
(And other times where some Mozilla blog writer wrote about extensions that didn't even work properly. IOW, he never even bothered to install the extension to what it did. But he was "qualified" to write about it... And on, & on, & on.

And of course, there were the days when Mozilla was vibrant, where company, & employees, & community all worked together... Alas.)
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

bjherbison
 
Posts: 862
Joined: October 6th, 2003, 5:40 am
Location: Bolton, MA, US

Post Posted September 19th, 2019, 4:17 pm

morat wrote:I wish browser companies didn't allow extensions that use obfuscated and minified code. Even if the developer has a link to the code on GitHub, many times it's really old code.

Mozilla no longer allows obfuscated code for new add-ons or updated versions. Minified is still allowed. (I'm not involved in setting the policies.)

When a code review is done it is based on submitted code, not any link to GitHub or another site. (But I don't think the code in the links is ever compared to the submitted code.)

therube

User avatar
 
Posts: 20061
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Post Posted September 25th, 2019, 12:24 pm

a Recommended extension

And the Pro & the Ultimate & the Plus & the one for Firefox & the Nano (for those very small issues) & the u & the Smart & the Easy.

(July 25, 2019)
Mozilla recommends a Firefox extensions that appears to be a copycat

(September 25, 2019)



(Who knows, maybe this is a different "Ultimate"?)
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript

Return to Firefox Builds


Who is online

Users browsing this forum: Josa and 3 guests