Over the past two weeks, Mozilla's add-on review team has banned 197 Firefox add-ons that were caught executing malicious code, stealing user data, or using obfuscation to hide their source code.
The add-ons have been banned and removed from the Mozilla Add-on (AMO) portal to prevent new installs, but they've also been disabled in the browsers of the users who already installed them.
The bulk of the ban was levied on 129 add-ons developed by 2Ring, a provider of B2B software. The ban was enforced because the add-ons were downloading and executing code from a remote server.
According to Mozilla's rules, add-ons must self-contain all their code, and not download code dynamically from remote locations. Mozilla has recently begun strictly enforcing this rule across its entire add-on ecosystem.
A similar ban for downloading and executing remote code in users' Firefox browsers was also levied against six add-ons developed by Tamo Junto Caixa, and three add-ons that were deemed fake premium products (their names were not shared).
But there were also bans for malicious behavior. Mozilla reviewers banned 30 add-ons that exhibited various types of malicious behavior.
Mozilla listed only the add-on IDs, not their names, so add-on developers can appeal the ban and remove the malicious behavior. One add-on who passed the appeal process was the Like4Like.org Addon, initially believed to be collecting and submitting user credentials or tokens of social media websites to another website.
Other shady behavior was spotted in the FromDocToPDF add-on, which Mozilla engineers said was loading remote content into Firefox's new tab page.
A Firefox add-on named Fake Youtube Downloader was also banned for attempting to install other malware in users' browsers.
Add-ons like EasySearch for Firefox, EasyZipTab, FlixTab, ConvertToPDF, and FlixTab Search were banned for intercepting and collecting user search terms, a clearly bannable offense.
Last, but not least, Mozilla's security staff also banned a batch of two, nine, and three add-ons that were caught using obfuscated code, a technique through which add-on developers make their code hard to read, for the purpose of hiding malicious behavior.