Firefox: Disconnect automatically replaced with a phony addon [clean system otherwise]

Discussion in 'malware problems & news' started by ravenise, May 27, 2018.

  1. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    38
    I noticed the user interface in disconnect totally changed in my firefox browser. It had a clean vertical column listing only google, facebook, twitter, and a few other websites; It was completely different than the original. I should have took a screenshot and backed up the extension but failed to do so. I uninstalled the addon and re-installed it from firefox's website; it immediately went back to normal. I confirm signature checks was enabled. I'm curious what kind of security firefox implements. I know its supposed to only allow signed addons, but does it go one step further and do regular hash checks to ensure they have not been replaced with malware? I believe this will be a necessary step in order to mitigate against many zero day threats or vulnerabilities within browser signature verification systems.

    I was using the latest 61.0b8, 64 bit on windows 7.
     
    Last edited: May 28, 2018
  2. ravenise

    ravenise Registered Member

    Joined:
    Jul 18, 2009
    Posts:
    38
    A simple addon could do this automatically very quickly and easily, by downloading the latest preferably at semi random intervals, and comparing hashes; if the hashes are not already available on firefoxes own addons page.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    10,961
    Location:
    The Netherlands
    Are you sure it wasn't some kind of malfunction? I never saw something like this before. I do know that FF doesn't allow extensions to be installed from non trusted sites, and you can also configure it to only manually update extensions. In Chrome, Opera and Vivaldi, extensions can update automatically and they can even show pop-ups.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.