Firefox is down bad right now. I have used it steadily for 20 something years now, and the cracks are really apparent now. It's also likely that Google will be forced to stop giving Mozilla money for Firefox, leaving little hope for continued development.
Partially off topic, but youtube ads for me are currently 70% out and out scams - deepfaked tv personalities telling you about some government scheme where every person gets £20,000 cash.
This headline has been editorialized, contrary to HN guidelines, and it's also inaccurate. The actual headline of the story is "Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons".
The story is about a phishing campaign directed at extension developers, not about the extension "store" (which is not really a store and doesn't sell anything), being "flooded" with malware.
With browser extensions becoming new attack vectors, we need some reliable way to determine if they're running suspicious or malicious code in them before they're able to deploy. It seems like not even Google can properly vet their extension before they're added to the extensions store.
The only way I've found to try and detect these as an end user is by using an extension called Under New Management [1], which attempts to alert you if a browser extension has changed ownership, at which point you can pretty much assume they've been compromised.
Other than that, I know of no way to attempt to detect these malicious and problematic extensions. If anyone has any suggestions, please share them.
7 comments
[ 2.1 ms ] story [ 42.7 ms ] threadWonder if the activity is related.
This might actually be the end of FF.
Even the closed ecosystems are infected.
The story is about a phishing campaign directed at extension developers, not about the extension "store" (which is not really a store and doesn't sell anything), being "flooded" with malware.
The only way I've found to try and detect these as an end user is by using an extension called Under New Management [1], which attempts to alert you if a browser extension has changed ownership, at which point you can pretty much assume they've been compromised.
Other than that, I know of no way to attempt to detect these malicious and problematic extensions. If anyone has any suggestions, please share them.
[1] https://github.com/classvsoftware/under-new-management