One of 30 extensions is likely intermittently hijacking tabs

(erosman) #13

I had a quick look at their codes but didnt see which one was doing it.
I only checked the latest versions of the add-ons.
How come you have a mix of old legacy and new WE add-on?


Thanks very much for checking. I cleaned up some things AdwCleaner suggested, including removing two disabled extensions, without seeing any improvement. I’m continuing the process of elimination.

How come you have a mix of old legacy and new WE add-on?

I’m not sure which are the old legacy addons. In general I kept the extensions that I could when I upgraded to Quantum.

(Issalfarstafr) #15

Hey, I have the same problem that started happening recently with the exact same "lzpv4rsmat " link that redirects. I checked your addons and the only one I found in common with me (aside from uBlock) is “Easy YouTube mp3”. I believe that’s the cause of this, and I suggest you to disable it as I’ll be doing so too


How could an extension apparently removed from continue to be updated in FF?

In my FF I’ve now disabled “Easy YouTube mp3” “” “By Daniel Lehr (haftungsbeschraenkt)” “Last Updated July 6, 2018.” Though about:addons doesn’t give any indication of this, “Easy YouTube mp3” is no longer at

Currently “Easy YouTube mp3 Add-on” (with “Add-on”) “by Theveloper,” “Version 1.3” is at

(Olifak) #17

Easy YouTube mp3 is definitely the culprit, I’ve been having the same problem for a few days now until I found this thread, it’s the one addon that we have in common, I removed it and I haven’t seen the tab opening since. Thanks.

(erosman) #18

I was actually the one that rejected that addon. I guess it would be useful to check installed add-on pages every now and then to and check their state and read reviews.

(Justdave) #19

For future reference, if you go to the Help menu and choose Troubleshooting Information and then scroll down, there’s a list of your extensions there that you can copy/paste from.


I was actually the one that rejected that addon.

Did you reject the July 6th update, but it was installed anyway? Shouldn’t rejected updates be blocked from being installed?

Apparently hijacking previously benign addons is common. “A company is going around buying abandoned Chrome extensions from their original developers and converting these add-ons into adware” per


(jscher2000) #21

I don’t think an extension can update to a nonexistent version, but unless a block is deployed, it won’t be disabled or rolled back, either. Extensions have to be nominated for blocking through a separate process from review.

(erosman) #22

Version · July 5, 2018 had a feature to “ask for feedback” every 7 days. That included opening the lzpv4rsmat(dot)com
Currently that does not result in automatic rejection and it is left to users to decided if the monetization system deployed by an add-on is desirable or not.

Version 2.3.2 · July 13, 2018 had more serious issues and was rejected the same day. Developer deleted his/her account after that.

Once all version of an add-on are rejected, the add-on will no longer update but it remains on users computers. If an add-on is blocked for serious issues (a totally different process by Admin) then it will be disabled on users’ Firefox as well.

(B.J. Herbison) #23

Reported: 14 years ago


The problem with this approach is that it’s extremely time-consuming for a user to determine which add-on is opening the new tab. There should be an easier way than process of elimination to detect monetization systems that are added in an update, especially when they can open tabs intermittently rather than when the add-on is actually used.

What’s the best way to submit this concern, since it’s not bug per se?

(erosman) #25

@caitmuenster should be able to advise on this issue.

(Mpj220) #26

My bet goes to “1-Click YouTube Video Downloader”

I have the same thing happening to me. Multiple tabs opening, fake flash update tabs.
All are usually identified by Norton or Malwarebytes and are blocked.

This is my work PC and I have all of 2 add-ons. Adblock plus and 1-Click YouTube Video Downloader.

I just deleted the possible offender.


@caitmuenster brought this up at a team meeting, then replied:

If you look at each extension listing on, you might be able to narrow down which extension is the culprit to the ones that use the ‘new tab’ permission. Otherwise, process of elimination is the best way to identify the extension causing the unwanted behavior.

We currently don’t have a policy against this kind of behavior, but it’s something we might discuss more in the future if we see more users complaining about a poor experience.


Removing it stopped new tabs from opening for a week. When I removed it I installed “YouTube mp3 Downloader” from author “YouTube Download Tool” (there’s more than one “YouTube mp3 Downloader”), which requests no malicious permissions per

Today however a tab opened to addonbrowser dot com/youtube-mp3-download?v=3.0.0&type=install that was flagged by Avast as potentially harmful, advertising “Mp3 Downloader for Youtube.”

A new window also popped open to www.pc.error2323219459ausmsauthcombof0807 “dot”… with a “** YOUR COMPUTER HAS BEEN BLOCKED.**” message and an 877 number to call. It came with a repeating authentication popup “http://www.winsupporthelp “dot” club is requesting your username and password” that was impossible to dismiss without restarting FF.

(Mittineague) #29

This is very serious. A majority of so called “help” sites ask the unwary for access to their OS, and once given can do all manner of badness.

Have you done a full scan of your computer? It sounds like this may have less to do with any plugin and more to do with your computer being infected.


I’ve run scans with Malwarebytes and Avast. I’ve just changed my default browser to MS Edge (again) so I can be sure, and I’ll report back if Edge is opened. However, there’s no policy against extensions doing this:


I disabled “YouTube mp3 Downloader” and haven’t seen an ad in a couple of days. I now see reviews for the addon that say: “tries to open scam pages and phishing pages” (2 days ago) and “…and it’s been opening ads in my browser. Deleted and ads are gone.” (13 days ago).

“YouTube mp3 Downloader” isn’t shown to use the “new tab” permission.


“YouTube mp3 Downloader” from author “YouTube Download Tool” appears to be the source of the malicious popup since it hasn’t appeared since I disabled that extension.