Jump to content
Sign in to follow this  
Guest_Jim_*

Four Firefox Extensions Removed After Reports of Data Harvesting

Recommended Posts

Four Firefox extensions have been removed by Mozilla from its repository following reports of data collection from Wladimir Palant, the creator of the Adblock Plus extension. The extensions are Avast Online Security, AVG Online Security, Avast SafePrice, and AVG SafePrice, and as Avast owns AVG it is understandable that these extensions are related. The reason Palant reported them is he discovered the two Online Security extensions were collecting what amounts to your browsing history and sending it to Avast servers, and after checking the SafePrice extensions he found the same behavior. Such data collection is against the terms Mozilla has for extension developers, as it is for Google too but while Mozilla has removed the extensions, Google has not yet done the same for its Chrome Webstore. The extensions are also available from the Opera Add-ons site, so Palant has sent a report there as well.

In Palant's two blog posts on the matter he explains that some amount of data collection can make sense, for some cases for extensions meant to report when you are visiting a compromised or malicious website. Such extensions would work by checking a list of known malicious sites and then reporting the result, but these extensions were collecting far more information than necessary. Palant found the full URL, referring webpage and your country code, amongst other pieces of information, were all being sent to the Avast servers, potentially allowing for your browser history to be reconstructed.

At the moment, Mozilla has only disabled the listing of the extensions, but they have not been blacklisted. This means they can remain active for those who already have the extensions installed, but no one should be able to find and install them from the extension repository. Palant states Mozilla is talking with Avast about this, which is why the extensions have not been blacklisted.

Source: ZDNet, Palant.de [1] and [2] (Initial discovery)



Back to original news post

Share this post


Link to post
Share on other sites
Sign in to follow this  

×