Mozilla today removed 23 Firefox add-ons after remarking that they recorded user information and then sent them to a remote server. The list of add-ons includes "Web Security" an add-on with more than 220.000 thousands of active users, which was the first of many to be captured and send user data to a server in Germany.
Rob Wu, a Mozilla engineer, confirms that he was investigating how the add-on works, and that he considered it malicious and dangerous to remove it.
Rob's curiosity moved one comment read in Reddit, and voluntarily proceeded to research the source code of the add-on, confirming that the data was being sent to a third party.
Then, using it webextaware, searched all publicly available Firefox add-ins, and analyzed them to check for similar patterns. With this method we discovered other 20 add-ons that work the same way.
Rob reported his findings, and Mozilla not only removed the add-ons from its base, but also disabled the already active installations of these add-ons by all of its browser users.
The list of all Firefox extensions that have been disabled can be found below:
Download & Adblocker Smarttube
Facebook Bookmark Manager
Facebook Video Downloader
YouTube MP3 Converter & Download
Smarttube - Extreme
Self Destroying Cookies
Popup Blocker Pro
YouTube - Adblock
Auto Destroy Cookies
Amazon Quick Search