Addons and trojans/spyware concern
Malorkus
hundred thousand downloads total). Recently someone emailed me, asking
to "buy" my addon. He specifically wrote, "When I say buying it I mean
the website, and brand name, existing users of the add-on etc". It
seems a strange request, and it occurs to me that this would be an
easy way to slip a trojan or spyware to tens of thousands of Firefox
users very quickly-- gain control of an established addon (but perhaps
avoid the most popular ones, which are scrutinized more closely), add
some malicious code, and release it as a new version, automatically
pushed to users by Mozilla's autoupdate. The only thing standing in
the way is the AMO addon testers finding hidden malicious code, which
is not something they are trained to do, as far as I know. Has anyone
else been approached like this? Are there any safeguards in place to
stop
Rey Bango
Every update that occurs to an add-on is reviewed for various security vectors that are known to allow malicious content. In addition, every add-on is scanned using updated anti-virus software. Finally, if we do encounter an add-on that is knowingly distributing malicious content, we can blocklist it entirely to protect all Firefox users.
If you do decide to sell GeckoTIP or Grab and Drag, we'd appreciate a heads up so we can ensure that the new owner continues to develop the add-on to the same quality that you have.
Thanks for asking.
Rey...
Mozilla
_______________________________________________
dev-amo mailing list
dev...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-amo
easyge...@gmail.com
>
>
Hi Malorkus,
I've been approched for my extension too. I asked one week ago why he
was interested in buying the brand name and the website. No response
since.