01-23-2014 12:42 PM
Firefox add-ons "more difficult" to hijack than Chrome
By Shona Ghosh
Posted on 21 Jan 2014 at 10:34
Mozilla has claimed it's difficult to hijack Firefox browser add-ons to serve ads, after Google was forced to pull two Chrome extensions that began spamming users.
Google removed the "Add to Feedly" and "Tweet this Page" extensions from the Chrome web store this week, after they were bought by third parties and quietly updated to inject ads into web pages.
But Mozilla said it was more difficult to introduce silent updates for Firefox add-ons than it appears to be for Chrome extensions.
"For add-ons hosted on addons.mozilla.org, all version updates are code reviewed and tested by a member of our review team, and it needs to pass all of our review policies to be pushed to users via auto-update," a Mozilla spokesperson said. "One such policy is that all unexpected changes, such as advertising, needs to be explicitly opt-in."
"This all makes it more difficult for this kind of hijacking to be effective for add-ons listed on Mozilla Add-ons," she added.
The issue has reportedly affected Firefox, however. An investigation by tech site Ghacks found at least one extension, AutoCopy, had been bought by a company called Wips, which then introduced ads through an update - slipping past Mozilla's review processes.
Webroot SecureAnywhere Complete Beta Tester v220.127.116.11, imaged by Macrium Reflect v6.2