Malicious add-on: Enabling/Reinstalling without user permission


(Jane) #1

Found some very malicious behavior from a Firefox add-on.

McAfee WebAdvisor / SiteAdvisor denies users choice and control of Firefox by continuously:

  • Bypassing Firefox’s user permissions mechanisms to automatically enable its browser add-on without user interaction
  • Automatically re-installing and re-enabling (again bypassing user permissions) its Firefox add-on after the user has disabled or removed the add-on from Firefox

Download and install the software: https://www.mcafee.com/consumer/en-us/site-configurations/external-link/product/webadvisor-freedownload.html

Steps to reproduce automatic enabling of the add-on:

  1. Install McAfee WebAdvisor.
  2. Open Firefox to verify that the WebAdvisor browser add-on has been installed (but not yet enabled) in the browser. Close the browser.
  3. Simulate that 30 days have past;
    • Move the system clock forward 30 days.
    • Restart the “McAfee SiteAdvisor Service” Windows service.
  4. Open Firefox to verify that the WebAdvisor browser add-on has been automatically enabled.
    • Firefox: Bypasses the user enabling the add-on in the Add-ons window/panel

Steps to reproduce automatic reinstall and enabling of the Firefox add-on:

  1. Open Firefox and disable the add-on.
  2. Simulate that 30 days have past;
    • Move the system clock forward 30 days.
    • Restart the “McAfee SiteAdvisor Service” Windows service.
  3. Open Firefox to verify that the WebAdvisor add-on has been automatically reinstalled and enabled.