Could we be leaving signed addons around that may be misused form third party sites ?
I may be wrong in some of my presumptions here, but this may remain a valid question to ask.
Someone was asking elsewhere about an apparent Firefox Search hijack.
In that instance the addon was shown as:
Searchme 2.5 (searchme@mybrowserbar.com)Now I have no reason to think this is the same addon as
SearchMe 0.7.1.1-signed
by Video Communication [this][2]
However the signed addon has few users and the two reviews a & b suggest this is a browser hijacker.
Is there a possibility leaving such signed addons around opens a backdoor to those addons being hosted elsewhere and used as malware. Users may inadvertently download and install such addons from third party sites. The addons will already be signed.
In relation to the above mentioned addon
- How and why did that addon get approved in the first place ?
If it does indeed act as a browser hijacker, as the reviews suggest. - Do we have any requirements that the support and home sites displayed on addons.mozilla.org are correct ?
(I am not sure they are for this particular addon)
Toolbars or PUPs with similar names and functions may not have a good reputation see for example http://malwaretips.com/blogs/remove-searchme-toolbar/