Web Security Firefox Add-on is Secretly Collecting Users’ Browser History

The Mozilla Foundation has removed an add-on from the recommended browser add-on list in Firefox’s official blog after a security researcher discovered the software was secretly logging browser histories. The add-on is described as a service that offers extensive real-time protection.

How many users are affected?

The add-on was developed by a German firm named Creative Software Solutions; it has over 220,000 installs and an overall rating of 4.5 out of 5. The Mozilla Foundation had included the add-on in its recommended list, posted last week. The original collection included 14 add-ons related to privacy and security; the “Web Security” add-on has been removed since the Mozilla Foundation came to know of its activities.

Raymond, uBlock Origin Developer (gorhill4) said:

“With this extension, I see that for every page you load in your browser, there is a POST to http://136.243.163.73/. The posted data is garbled, maybe someone will have the time to investigate further.”

Another Reddit user suggested that many add-ons collect users’ page visits; in the case of Web Security, however, the add-on has been sending a lot of masked data, even after a user visits a domain over an unencrypted connection.

“The visited URL as well as the previously visited domain are transmitted,” Kuketz said. “And since this also happens unencrypted (without HTTPS or TLS), virtually anyone can cut the traffic and bring it into its original form.”
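As an added example (not from the article or from anyone quoted in it), the Python sketch below shows how the pattern described above, a cleartext POST to one fixed address after every page load, could be spotted in proxy logs. The log format, the thresholds and every host except the address quoted above are constructed, and treating each GET as a page load is a simplifying assumption.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log: "<epoch seconds> <method> <url>". Only the
# destination address comes from the article; everything else is made up.
SAMPLE_LOG = """\
100.0 GET https://news.example/
100.4 POST http://136.243.163.73/
130.0 GET https://shop.example/cart
130.3 POST http://136.243.163.73/
131.0 POST https://shop.example/api/cart
200.0 GET http://forum.example/thread/7
200.5 POST http://136.243.163.73/
""".splitlines()

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_page_load_beacons(lines, window=2.0, min_loads=3, min_ratio=0.9):
    """Return cleartext POST destinations that follow nearly every page load."""
    events = []
    for line in lines:
        ts, method, url = line.split(maxsplit=2)
        events.append((float(ts), method, urlsplit(url)))
    # Assumption: each GET in this simplified log is one page load.
    loads = [(ts, u.hostname) for ts, m, u in events if m == "GET"]
    hits = defaultdict(set)  # destination host -> indexes of loads it followed
    for ts, method, u in events:
        if method != "POST" or u.scheme != "http":
            continue  # only unencrypted POSTs are of interest here
        for i, (load_ts, load_host) in enumerate(loads):
            if 0 <= ts - load_ts <= window and u.hostname != load_host:
                hits[u.hostname].add(i)  # third-party POST right after a load
    report = []
    for host, followed in hits.items():
        ratio = len(followed) / len(loads)
        if len(loads) >= min_loads and ratio >= min_ratio:
            report.append({"host": host, "ratio": ratio,
                           "ip_literal": is_ip_literal(host)})
    return report

if __name__ == "__main__":
    for finding in find_page_load_beacons(SAMPLE_LOG):
        print(finding)
```

A destination that is a bare IP address and follows every page load regardless of the site visited is the signal worth escalating; the HTTPS POST to the shop's own API in the sample is ignored because it is neither cleartext nor third-party.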

Status of the Issue.

Users are asked to disable the add-on in their Firefox browser. A spokesperson from Mozilla said that they have received users’ concerns about the Web Security extension and are investigating the issue. The add-on has been temporarily blocked from the Firefox Add-on Store as part of the investigative process.
