Mozilla today removed 23 Firefox add-ons that snooped on users and sent data to remote servers, a Mozilla engineer has told Bleeping Computer.
The list of blocked add-ons includes “Web Security,” a security-centric Firefox add-on with over 220,000 users, which was at the center of a controversy this week after it was caught sending users’ browsing histories to a server located in Germany.
At the time, Mozilla engineers said they would review the add-on’s behavior. But following the initial report, several users reported other add-ons exhibiting similar data collection patterns, some of which sent data to the same server where “Web Security” was also sending information.
Mozilla follows through on the promised investigation
“The mentioned add-on has been taken down, together with others after I conducted a thorough audit of [the] add-ons,” Rob Wu, a Mozilla Browser Engineer and Add-on reviewer, told Bleeping Computer via email.
“These add-ons are no longer available at AMO and [have been] disabled in the browsers of users who installed them,” Wu said.
A bug report includes the list of all 23 add-ons removed today in Mozilla’s purge. The bug report lists the add-ons by their IDs, and not by their names, although Bleeping Computer has been able to track down the names of some add-ons.
Besides Web Security, other banned add-ons include Browser Security, Browser Privacy, and Browser Safety. All of these have been observed sending data to the same server as Web Security, located at 220.127.116.11.
Other banned add-ons include Popup Blocker and Quick AMZ, as well as add-ons developed by users YTTools, FBTools, DirtyLittleHelpers, and CSS IO. We’re still working on identifying the names of the other add-ons.
Offending add-ons have been disabled in users’ browsers
A quick test confirmed that, true to its word, Mozilla has disabled the Web Security add-on in a Firefox instance Bleeping Computer used yesterday for tests. Users of any of the banned add-ons will see a warning like this: