Potentially Mallicious Add-on

(GraemeL) #1

I’v been using the add-on Repoen Closed Tabs for a few months, but after a recent update I noticed that it has started injecting heavily obfuscated javascript from https://www.object.center/tabs/index.js into every page.

uMatrix has stopped the code from ever being executed on my machine, but I’m worried about what it is.

Is this the best place to report this or can somebody direct me to the appropriate place?

(jscher2000) #2

It’s difficult to see because (at least for me) it’s black text on a gray button, but if you look for the row of stars on the left side of an add-on’s page, below it there is a “Report this add-on for abuse” button. It probably needs some styling love.

(jscher2000) #3

Meanwhile, you definitely should remove that extension. It requires ridiculously excessive permissions for what it does, and appears to intercept requests and modify pages.

It is a copy & modify of this one that doesn’t need access to page content or the ability to intercept requests:

And of course, if you can live with the inconvenience, you can access the Recently Closed Tabs list from the History menu, without an add-on, using either:

  • Classic menu bar > History
  • “3-bar” menu button > Library > History
  • Library toolbar button > History

(GraemeL) #4

It was actually pretty obvious on my screen once you pointed it out. I spent too long looking for something at the foot of the page before posting here.

Thanks, I’ve reported it to AMO.

Thanks for the suggestion. I had already removed it and installed Undo Close Tab after I had grabbed they payload location from uMatrix logs.