Mozilla and Google crack down on malicious and abusive browser extensions

Enlarge (credit: Mozilla)

Mozilla and Google are cracking down on malicious and abusive extensions available for the Firefox and Chrome browsers, respectively. The moves come in response to the recent detection of add-ons that turned out to violate the browser maker's policies, despite review processes designed to weed out wares that are malicious or have the potential to be malicious.

The most significant move was Mozilla's ouster over the past month of almost 200 extensions. The majority of them—129, to be exact—were developed by 2Ring, a maker of business software. There's no evidence the extensions were malicious, but Mozilla officials found they executed code hosted on a remote server, in violation of Mozilla policies. The representative added that current installations aren't affected and users who want to install an extension can still do so manually.

A 2Ring representative said that company officials have contacted Mozilla about the move and are awaiting a response. The representative added that the extensions, which businesses use to integrate select CRM systems with apps installed in customer contact centers, interact only with user white-listed applications specified in extension's configuration.

Read 10 remaining paragraphs | Comments

via Biz & IT – Ars Technica https://ift.tt/2RJRtUd