Found some very malicious behavior from a Firefox add-on.
McAfee WebAdvisor / SiteAdvisor denies users choice and control of Firefox by continuously:
- Bypassing Firefox’s user permissions mechanisms to automatically enable its browser add-on without user interaction
- Automatically re-installing and re-enabling (again bypassing user permissions) its Firefox add-on after the user has disabled or removed the add-on from Firefox
Download and install the software: https://www.mcafee.com/consumer/en-us/site-configurations/external-link/product/webadvisor-freedownload.html
Steps to reproduce automatic enabling of the add-on:
- Install McAfee WebAdvisor.
- Open Firefox to verify that the WebAdvisor browser add-on has been installed (but not yet enabled) in the browser. Close the browser.
- Simulate that 30 days have past;
- Move the system clock forward 30 days.
- Restart the “McAfee SiteAdvisor Service” Windows service.
- Open Firefox to verify that the WebAdvisor browser add-on has been automatically enabled.
- Firefox: Bypasses the user enabling the add-on in the Add-ons window/panel
Steps to reproduce automatic reinstall and enabling of the Firefox add-on:
- Open Firefox and disable the add-on.
- Simulate that 30 days have past;
- Move the system clock forward 30 days.
- Restart the “McAfee SiteAdvisor Service” Windows service.
- Open Firefox to verify that the WebAdvisor add-on has been automatically reinstalled and enabled.