Firefox's protection against silent extension installations can be bypassed
Modifications to the Firefox browser by third party applications, often in the form of adware offers in program installers or by security software, is something that users of the browser had to cope with for a long time. Mozilla some time ago added protection to the browser to prevent that extensions installed by third party programs are enabled by default. Firefox users are prompted whenever the browser recognizes a silent installation to give users the choice to either enable the extension if it is wanted or keep it turned off if it is not.
What the browser does in the background is check all installed extensions, usually found in the extensions folder of the profile folder but also sometimes in other locations, against the content of the extensions.sqlite file. Warnings are shown if extensions are found but not listed in the sqlite file.
Researchers at Zscaler have found a way to bypass the notification message that Firefox normally displays to its users. All that it takes actually is to add information about the silently installed extension to the extensions.sqlite file so that it won't trigger Firefox's protection. The end result is that the extension gets installed and enabled in the browser without notification.
The extensions.sqlite file is a database that contains information about each installed extension including its name and version, whether it is enabled or not, and whether it has been installed from Mozilla's Firefox Add-ons repository or by a third party.
The developers have released demo code that will install an extension silently into Firefox profiles when executed. The researchers suggest to create a new profile to test the method in Firefox.
They have also released a demo video that highlights the whole process.
It is unlikely that the majority of adware offers will abuse the loophole to install themselves silently on the system. Creators of malicious software on the other hand may use it to plant their extensions in the Firefox browser without the user knowing about it. Users can only find out about silently installed extensions if they check the add-ons listing of the browser by loading about:addons in it.
It needs to be noted that the method can only be used when software is executed by the user on the system.
Still, it is important to know that it is possible to bypass the protection. There is little that users can do to prevent this from happening other than being very careful in regards to the programs they run on their systems.