It would be more convent to list them (with URLS). 
Yes, unfortunately text can’t be selected on the about:addons page.
1 Like
After some hours AFK, I clicked refresh on this page and two new lzpv4rsmat dot com tabs opened, though redirects were blocked by the entry I’d added to ublock origin.
Some add-ons periodically open those advertising pages to make money. They are not related to this site (or other sites).
1 Like
You’re making some progress, you can now reasonably assume that the extensions you temporarily removed are not at fault. It can be slow narrowing the suspects down, but with patience you’ll get there. 
1 Like
So there’s no chance that the extension (presumably) that’s doing this is keylogging or stealing other info?
It seems to open a tab twice a day at random times, so it could take quite a while to identify the source.
The first history entry for lzpv4rsmat is on 7/17. I don’t recall installing any new extensions, and my FF history doesn’t show that I visited addons.mozilla.org near that time, so the adware must have come with an update. Unfortunately, “View Recent Updates” in about:addons doesn’t show anything.
erosman wrote:
They are not related to this site (or other sites).
Yes, and the fact that it occurred on this page proves that it’s not caused by some other page I was visiting.
As I said, if you list the extensions you have (not an image) so that I can search and find the addon, I will check them to see which one is doing it.
Below is the list of extension names. I’ll have to add the URL’s later. In the meantime I’ll try scanning with Malwarebytes’ AdwCleaner. I also temporarily changed the default browser to be certain that FF is the source.
1-Click YouTube Video Downloader
Archive URL
AutoFill Forms
Avast Online Security
Best Proxy Switcher
Bitly
Cisco Webex Extension
Cookie AutoDelete
Copy All Tab Urls WE
Decentraleyes
Docs Online Viewer
Easy YouTube mp3
Firefox Multi-Account Containters
FoxClocks
Google search link fix
HTTPS Everywhere
Hunter
OneNote Web Clipper
Open Tabs Next to Current
Print Edit WE
Privacy Badger
Redirector
S3.Translator
Save Page WE
Screengrab!
Shorten me - URL Shortener
Social Fixer for Facebook
Sync Tab Groups
Tab Session Manager
Terms of Service; Didn’t Read
uBlock Origin
Video Speed Controller
Zoom Image
Zoom Page WE
1 Like
I had a quick look at their codes but didnt see which one was doing it.
I only checked the latest versions of the add-ons.
How come you have a mix of old legacy and new WE add-on?
1 Like
Thanks very much for checking. I cleaned up some things AdwCleaner suggested, including removing two disabled extensions, without seeing any improvement. I’m continuing the process of elimination.
How come you have a mix of old legacy and new WE add-on?
I’m not sure which are the old legacy addons. In general I kept the extensions that I could when I upgraded to Quantum.
Hey, I have the same problem that started happening recently with the exact same "lzpv4rsmat " link that redirects. I checked your addons and the only one I found in common with me (aside from uBlock) is “Easy YouTube mp3”. I believe that’s the cause of this, and I suggest you to disable it as I’ll be doing so too
1 Like
How could an extension apparently removed from addons.mozilla.org continue to be updated in FF?
In my FF I’ve now disabled “Easy YouTube mp3” “2.3.1.0” “By Daniel Lehr (haftungsbeschraenkt)” “Last Updated July 6, 2018.” Though about:addons doesn’t give any indication of this, “Easy YouTube mp3” is no longer at https://addons.mozilla.org/en-US/firefox/addon/easy-youtube-mp3.
Currently “Easy YouTube mp3 Add-on” (with “Add-on”) “by Theveloper,” “Version 1.3” is at https://addons.mozilla.org/en-US/firefox/addon/easy-youtube-mp3-addon/.
Easy YouTube mp3 is definitely the culprit, I’ve been having the same problem for a few days now until I found this thread, it’s the one addon that we have in common, I removed it and I haven’t seen the tab opening since. Thanks.
2 Likes
I was actually the one that rejected that addon. I guess it would be useful to check installed add-on pages every now and then to and check their state and read reviews.
1 Like
For future reference, if you go to the Help menu and choose Troubleshooting Information and then scroll down, there’s a list of your extensions there that you can copy/paste from.
2 Likes
I was actually the one that rejected that addon.
Did you reject the July 6th update, but it was installed anyway? Shouldn’t rejected updates be blocked from being installed?
Apparently hijacking previously benign addons is common. “A company is going around buying abandoned Chrome extensions from their original developers and converting these add-ons into adware” per https://www.bleepingcomputer.com/news/security/-particle-chrome-extension-sold-to-new-dev-who-immediately-turns-it-into-adware/:
Thanks!
I don’t think an extension can update to a nonexistent version, but unless a block is deployed, it won’t be disabled or rolled back, either. Extensions have to be nominated for blocking through a separate process from review.
Version 2.3.1.0 · July 5, 2018 had a feature to “ask for feedback” every 7 days. That included opening the lzpv4rsmat(dot)com
Currently that does not result in automatic rejection and it is left to users to decided if the monetization system deployed by an add-on is desirable or not.
Version 2.3.2 · July 13, 2018 had more serious issues and was rejected the same day. Developer deleted his/her account after that.
Once all version of an add-on are rejected, the add-on will no longer update but it remains on users computers. If an add-on is blocked for serious issues (a totally different process by Admin) then it will be disabled on users’ Firefox as well.
1 Like
Reported: 14 years ago
The problem with this approach is that it’s extremely time-consuming for a user to determine which add-on is opening the new tab. There should be an easier way than process of elimination to detect monetization systems that are added in an update, especially when they can open tabs intermittently rather than when the add-on is actually used.
What’s the best way to submit this concern, since it’s not bug per se?