Mozilla removes FVD Video Downloader extension from its add-ons store
The FVD Video Downloader is no longer available on Mozilla's add-on repository. Some Firefox users had complained that the add-on was redirecting them to a malicious page.
Mozilla bans the FVD Video Downloader extension
The issue came to light yesterday, when a user reported that Firefox kept redirecting them to a tracking site called "CDNSURE". They were perplexed by the issue, had tried troubleshooting it, from clearing cookies and the cache, and even going to the extent of deleting Firefox's folders. They explained that the browser would load web pages, but after a few seconds would redirect them to the questionable site. The user eventually figured out the cause of the problem, an add-on called FVD Video Downloader. Once they disabled the add-on, the browser worked normally. A few others chimed in, saying they were facing the same problem, and that removing the add-on solved their issue.
Image credit: Mozilla support forums
Several users raised similar complaints on Mozilla's community portal. A day later, the FVD Video Downloader has been delisted from Mozilla's add-ons store.
The add-on seems to be unrelated to FVD Speed Dial, which coincidentally was also banned by Mozilla. Maybe Mozilla doesn't like those initials, eh?
Jokes aside, I wanted to learn more about the add-on, since I had never used it. I managed to access a Google cached version of the FVD Video Downloader add-on's page. The developer's name is FV Video, you can take a look at the add-ons's icon in the screenshot. I couldn't find it on the Chrome web store, but there were 3 or 4 extensions named Flash Video Downloader, including one that has an icon which looks similar to an add-on that was found to inject ads on websites a few years ago.
FVD Video Downloader's last version was 1.32, and it was updated on January 16th, 2019. That's odd, isn't it? How could an outdated add-on suddenly start acting weird? Perhaps something changed in the backend, maybe the servers used to trigger the download were being redirected to the malicious domain? That should be enough for banning the extension, as it would clearly be a violation of the terms and conditions set by the AMO.
Is Mozilla striking add-on developers unfairly with its banhammer?
Some users on reddit were discussing how Mozilla has been silently removing extensions recently. An add-on called Age Restriction Bypass for YouTube, suffered the same fate. The plugin's developer has mentioned that the extension was also removed from the Edge add-ons store for violating their terms of service, well at least here we know that there was a clear breach of the rules. You may use the add-on's functionality by installing a user script using Violentmonkey or a similar extension (FYI: Tampermonkey is no longer open source).
The BlockTube extension has also been removed from Mozilla's add-on repository. Its developer explained that the reason given for the add-on's removal was because it contains "minified, concatenated or otherwise machine-generated code". It was related to the eval function which the add-on was using for blocking content on YouTube. That is literally what the extension is designed to do, to block and filter content. The compressed text editor code was replaced, and the add-on was submitted for review, but Mozilla rejected it again for using the eval function. The add-on developer has resubmitted their extension for review after making some more changes to the code.
Update: The BlockTube extension is available again. End
According to a comment by Juraj Mäsiar, the developer of Group Speed Dial, Mozilla gives a 14-day grace period for add-on developers to fix issues with their extension, failing which results in automatic removal of the plugin from the add-on store. He also pointed out that many developers have complained about Mozilla's add-on review process. Even popular apps like 1Password were not spared from this drama, well at least the reviewers are treating everyone equally.
Update: Juraj has posted a detailed analysis of FVD Video Downloader on reddit. It turns out that the add-on uses obfuscated code for various purposes such as creating a secret iframe injection, including potentially loading third-party iframes, and may even be used to execute malicious commands remotely.He also discovered a couple of other malicious add-ons that are hosted on Mozilla's AMO. The first extension is called Ummy Video Downloader. The former has the same source code as FVD Video Downloader, and even uses the same secret frame injection. and has obfuscated code for creating and loading 3rd party iframes. The other add-on is Video Downloader Professional. It's also called Video Downloader Ummy and was originally named FLV Video Downloader, which he says is definitely malicious. End
Removing malicious add-ons is a good thing, it has to be done to keep users safe, but Mozilla needs to be transparent and explain why an extension was delisted. This seems eerily similar to how Google bans apps from its Play Store. Good extensions have to pay the price sometimes. The recent ByPass Paywalls Clean issue is another example of this. Mozilla never revealed the reason for banning the plugin, but the developer confirmed it was due to a DMCA notice, which we had speculated. They also said that the add-on would not return to Mozilla's store again. You may install a signed version of it from the project's GitLab page.
Let's get back to FVD Speed Dial's removal, the add-on's page clearly states the reason behind the ban. Why not do the same for all extensions?
Since I’ve rarely wanted to transfer more than one tab between browsers, I’m not inclined to install another extension just for that — especially one that (according to your description) closed all my tabs in the process. In the past I’ve just copied and pasted the URL, but (even for just one tab) that is a little tedious.
I just tried an interesting little experiment, with a useful result. (I did this on my Mac, but I’m guessing it would work on other platforms too.) I’m reading this article in Firefox, so I opened a new blank window in Chrome. At the top of both browser windows, at the far-left end of the URL bar, there’s a little icon of the letter “i” in a circle. (If you hover over it in Firefox, it says “Show site information”; in Chrome, hovering it says “View site information” — that’s the icon I’m talking about.)
I simply dragged the Firefox “i” icon from the top of this page, into the Chrome window — and this page loaded in Chrome! It worked! Then I tried something just a bit trickier, in the other direction — I first (from a bookmark) loaded into Chrome a page from my local web-development server (i.e. not online)… then dragged the “i” icon from the Chrome toolbar into this Firefox window — and it worked then too!
So, although I have no interest in the OneTab extension, I just learned something useful! I hope other people find this trick useful too. (Later I’ll try it in Safari — maybe it works in every browser?)
Interresting find Jonas, thanks for sharing!
Your comment doesn’t appear to be one of the real @Martin, because there is no black label rounding the entire title of the comment as before. :S
I also used onetab already and didn’t even know they had this feature. Thanks so much.
Exporting tabs to FF: “The address wasn’t understood. Firefox doesn’t know how to open this address, because one of the following protocols (chrome-extension) isn’t associated with any program or is not allowed in this context.”
Useless.
And the most important information was left out of the article or it don’t even exist in the first place: how to completely disable such functionality.
Your comment doesn’t make any sense at all. It’s an explicit user action to import data from other add-ons. If you don’t want it you just don’t do it.
This comment actually does make a lot of sense, and I am actually searching for this. Some people do NOT want websites to be (badly) translated, so they never use such a feature. The things is, every time I visit a non-english website this annoying menu pops up, and the button is another element in the URL bar cluster of useless unused features. I do not want to add all languages to a “do not translate” list, instead I want a “hide button” or “disable translations completely” setting.
This comment actually does make a lot of sense, and I am currently searching for this. Some people do NOT want websites to be (badly) translated, so they never use such a feature. The things is, every time I visit a non-english website this annoying menu pops up, and the button is another element in the URL bar cluster of useless unused features. I do not want to add all languages to a “do not translate” list, instead I want a “hide button” or “disable translations completely” setting.
my bad. somehow my, and I think DMoRiaM’s comment got mixed into the wrong article. Haha.
go to about:config and set browser.translations.automaticallyPopup to false.
Does this hack still work on FF 107 or whatever is most current?
Firefox 118 seems to be officially rolling this out by default: https://support.mozilla.org/en-US/kb/website-translation
Hoping Mozilla won’t remove the option altogether in the future as they already did for other, ahem, unwanted features… Why don’t they listen to their users instead?
@zed,
your reply seems to be Addlibs (according to your RSS reader),
Addlibs did not intend to comment on this article “OneTab browser extension”, but regarding Firefox’s new built-in fullpage translation “Firefox Translation”.
Firefox Fullpage Translation
https://support.mozilla.org/en-US/kb/website-translation
what the heck is going on with comments on this site lately?
first comment on THIS article was 9-2019.
Looks like the comments database is corrupted.
Besides old comments appearing in new articles, the same comment appears in multiple articles.
Also I answered a comment in one article, and the same answer appeared as an answer to a different comment by the same person.
@Martin Brinkmann,
Anyway, please deal with this anomaly ASAP.
Comments are a mess, irrelevant and chaotic.
If there is no prospect, Ghacks Technology News should be put on hiatus until the system is fixed.
It’s the same as before with endless monologues or people telling others why they are wrong.
Actually, Frankel, it’s you who’s wrong
This is all techo-BS. What people want is far simpler: a hotkey toggle: images on/images off. Is that really so complex? Seems so. It’s like autoplay videos on/off. In that case you can set it to off but it doesn’t stick. Typical digiocy.
This isn’t great but it might help people that have moved from chrome to firefox to some extent. I can’t tell you the amount of time I have seen people complain that a certain extension they use on google is not available and the only thing holding them back from moving over when they are actually wrong and the very same developer has a Firefox version also. I would always encourage manually looking as there are always hidden gems.
In regards to the website I have reached out to Martin personally and to his credit he replied very quickly. He has informed me that they are aware of the problems and are attempting to fix it.
Martin is no longer involved in the technical management of the site so I imagine if we want to ask someone then our comments would perhaps be better directed towards Softonic.
I don’t understand what is happening here with the comments. The counter shows zero comments and then inside there are some comments from older dates even since years. And mostly of them are non related by the way with the article. So sad what’s going on and nobody is still fixing it. :S
This site now appears to be mostly be created and run by AI. On the positive side (if there is one), I guess we can assume at some point the AI will be capable of recognizing and fixing corrupted files and the like.
“Import Chrome extensions” …. (by installing comparable Firefox extensions) … (for a small number of extensions).”
What a bunch of bogus PR spin. Someone who liked uBlock Origin on Chrome could already install it just fine on Firefox with a couple of mouse clicks. This just adds extra unnecessarily complicated steps to something that was already dead simple, all in order for Mozilla to claim fake one-to-one compatability that doesn’t actually exist.
It would be interesting if Firefox could install Chrome Addons directly from the Chrome Web Store. Although there would probably be some incompatibility, perhaps there’s a shim to translate some Chrome-specific WebExtension APIs over to Firefox. Microsoft Edge can install extensions directly from the Chrome Web Store, but Edge is using the same Blink web engine as Chrome so that makes things easy.
Don’t really care about importing as I never use that feature.
Just retire Gecko and join the Blink bandwagon already, Mozilla. Then you can guarantee 100% Chrome extension compatibility! /s
Not like your browser is getting much attention let alone budget compared to your other woke social justice initiatives.
Hello,
does anyone know if the STG has issues with the sidebar at the moment? I just added it and can not find any option to use it in the sidebar. I am also using an add-on for tree style tab…this might be the source of the problem?
Greetings, Anja
tried typing- about:config -in the search bar -( I want to enable javascript) but it simply will NOT open!
I tried Firefox Translate, but it doesn’t do Chinese or Japanese, and that’s a deal-breaker for me. I uninstalled it and am sticking with the Google Translate extension.
“…Vivaldi and Brave use self-hosted solutions, which still require connections, but offer better privacy than an integration of Google Translate or other third-party translation services would offer.”
While I like Brave as a browser, their translation “solution” just plain sucks. I’d rather have the data sent to Google or Bing, than have a translate feature that just doesn’t work properly. Not only is it not possible to select just a section of text to translate, but to make it worst, most of the time translating the whole page in Brave is either really unbearably slow, or more often than not, it just won’t translate the page at all and displays a “This page couldn’t be translated” error. It’s pretty pointless if their users need to keep using something else to translate pages and have to give up their privacy anyway.
The native translate feature in Firefox sounds like a much better solution than what Brave use.
Great news, thanx FF devs! Hopefully, more languages will be available in the future. So happy!
Floorp comes with its own built-in translator. It’s been like that ever since the first release in fact.
https://floorp.app/download
Article title: Firefox 117: native language translations, last Firefox 102 update and security fixes
https://www.ghacks.net/2023/08/29/firefox-117-native-language-translations-last-firefox-102-update-and-security-fixes/
I think for now every time I comment on an article I am going to put the title of the article and/or the URL of said article because I am seeing my own comments which are from another Firefox related article but not exactly this one.
In regards to this website Martin does not have administrative access to the back end of the website. It would fall on softonic international to fix it now which seems to be of very low priority.
This might be the straw that broke the camels back for ghacks which is a shame because it had many good comments and articles that go way back. Moving away from it would suck.
Maybe try contacting them here to see if you can get any action.
https://hello.softonic.com/contact/
Can you help me please.
Latest version, they pust their VPN (powered by Mullvad) yet again. Instead of writing version changes. sigh. https://imgur.com/g6N20bN
Luckily I had a recent backup available. Firefox was no longer giving me access to profiles when I reinstalled version 116.03 and was asking me to create a new profile. It asked me to upgrade last night and to my surprise all theJS scripts were gone.
https://github.com/xiaoxiaoflood/firefox-scripts/issues/265
Firewall: “Deny [Firefox] outgoing connections to domain nextdns.io”
Firewall: “Deny [plugin-container] outgoing connections to domain cloudflare-dns.com (including mozilla.cloudflare-dns.com)”
It’s exciting to hear that Mozilla is actively working on a design refresh for their Firefox web browser, internally referred to as Photon. The last major redesign, known as Proton, was introduced in Firefox 57 back in November 2017. Since then, Mozilla has made some interface changes, including the controversial address bar overhaul in Firefox 75 Stable.
While specific details about the design refresh are currently limited, Mozilla has created a meta bug on Bugzilla to track the changes. Although no mockups or screenshots have been shared yet, the bug names provide some insights into the elements that will receive a refresh, such as the address bar, tabs bar, main menu, infobars, doorhangers, context menus, and modals.
The new design is scheduled to be released in Firefox 89, which was initially planned for a mid-2021 release, specifically May 18, 2021. However, as development work is still ongoing, there is a possibility of a delayed release.
@ Zibtek,
I’m already using Photon on Floorp which is a fork of Firefox. Here’s a pix of what it looks like:
https://i.postimg.cc/8PsK7DjV/floorp-photon.png I enabled the menu bar at the top, but you can turn it off if you don’t like it.
Floorp is a Japanese browser based on FF102. I’ve been using it as my default browser ever since ‘owl’ pointed it out on the Ghacks site last year (or was it this year, can’t remember exactly when). In any event it contains many more enhancements than the vanilla version of Firefox. It also comes with searXNG search engine in the list of search engines provided which saves having to install it yourself.
Floorp download: https://floorp.app/en/
My comment is regarding the following,
Article title:
Mozilla patches critical WebP security issue in Firefox and Thunderbird
>> ghacks.net/2023/09/13/mozilla-patches-critical-webp-security-issue-in-firefox-and-thunderbird/#respond
Indeed, today, those patch versions were applied through automatic updates.
However, since I had disabled the “WebP” function, I was not interested in that topic (Google, etc.).
Regarding Thunderbird:
Today finally,
My Thunderbird 102.14.0 (en-US) was updated with “Thunderbird 102.15.1 (x64)” through the automatic update feature.
By the way,
Naturally, it will not be automatically updated to 115 (Supernova).
Anyway,
it is clear from Bugzilla that the bug fixes related to migration from 102 to 115 are not complete, so existing users of “102” should refrain from manually updating to 115.
>> ghacks.net/2023/09/08/thunderbird-102-to-115-upgrades-are-now-enabled/#comment-4573569
Betterbird has been released 115.2.1-bb11 (12 September 2023) . Betterbird make Thunderbird a faithful upstream.
Betterbird: Release Notes
>> betterbird.eu/releasenotes/?locale=en-US&version=115.2.1&channel=default&os=WINNT&buildid=20230911203543
@Martin Brinkmann,
I posted in response to an article published on 2023/09/13.
Article title: Mozilla patches critical WebP security issue in Firefox and Thunderbird. >> ghacks.net/2023/09/13/mozilla-patches-critical-webp-security-issue-in-firefox-and-thunderbird/
However, the link was to an unrelated article published on 2019/09/27.
>> ghacks.net/2019/09/27/how-to-import-tabs-from-chrome-to-firefox-and-vice-versa/
This kind of “disorder of Articles and Comments” has been going on for another month.
Is this an obvious (by Softonic, which operates and manages ghacks.net) act of sabotage against Martin and Ashwin?
It’s really frustrating!
[ My comment is on “Mozilla patches critical WebP security issue in Firefox and Thunderbird” https://www.ghacks.net/2023/09/13/mozilla-patches-critical-webp-security-issue-in-firefox-and-thunderbird/ though not directly related to that article ]
What happened to gHacks? When the site was bought out, Martin assured us it wouldn’t go downhill and he’d maintain editorial control, but the AI-written articles are ruining the quality of the site. I’ve been tempted to drop the site from my RSS reader because of this. Is there an RSS feed with only the human-written articles? Individual feeds for each author isn’t a good solution.
Article Title: Mozilla patches critical WebP security issue in Firefox and Thunderbird
Article URL: https://www.ghacks.net/2023/09/13/mozilla-patches-critical-webp-security-issue-in-firefox-and-thunderbird/
If anyone was unaware you should download the extension “Don’t Accept WebP” regardless of the patch. WebP is absolute trash that is unnecessary and clearly an issue. I would rather my images be in their native format and not some recompiled trash such as WebP.
I have absolutely no love for the parent company of this website.
I agree, this is so atrocious – most of the time you can even tell by the URL what format the original image was in – this “reconvert-on-the-fly” nonsense is terrible – but especially so when you’re converting a lossy format, which should be avoided as often as possible.
Sometimes you can edit the image URL to get it to send the right image, unfortunately “don’t accept WebP” doesn’t always work – but that’s why they offer a built in conversion, I suppose.
@ Mystique,
Thanks for the tip (about the addon). I wasn’t aware that Webp was a vulnerability.
I read only Martin Brinkmann’s, Mike Turcotte’s, and Ashwin’s articles. Add uBlock Origin news filter for ghacks:
! 2023-09-13 https://www.ghacks.net/
ghacks.net##.hentry,.home-posts:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
@ https://www.ghacks.net/2023/09/13/mozilla-patches-critical-webp-security-issue-in-firefox-and-thunderbird/#comment-4573641
I tried your uBlock filter on Brave snap packaga for Ubuntu, but it doesn’t work, do I need to restart the browser?
I have noticed uBO doesn’t fully work on Brave, for instance the Element Picker can’t pick anything while the Zapper do, but not 100%, Nuke Anything works much better, but it’s only temporarily.
“important address bar change” alright calm down… lol
I have gotten rid of the stupid shield and the “not secure” box, and have it set up so that it always displays the full URL (I think…?).
In a perfect world, it should just always show the full url, no icons, or emojis, or anything like that.
“Users may want to know why Firefox is no longer displaying https:// in the address bar” I’ll bet nobody will notice anything – apart from a select few autists like myself who customise everything and don’t like change.
“Users may want to know why Firefox is no longer displaying https:// in the address bar”
Why, I don’t know either (a breeze of madness or is it of love in the air), but there’s an about:config to handle that as well (Firefox) :
// display all parts of the url in the location bar (do not trim)
pref(“browser.urlbar.trimURLs”, false); // Dfault=true
Things, too many, too often are decided in spite of common sens.
Firefox is always copying whatever Chromium does… it is like they are a Chromium browser without the name and having trouble rendering many websites. In fact, it is like they are getting 400million just for existing and adopt anything Google releases or does, like web extensions, widevine, safe browsing and then visual changes like this.
I like how some people think there is a choice, and the choice is better than the leader… while still failing at basic stuff.
What’s the point of these useless changes? Just show the full address with the protocol at all times and be done with it…
I set the User Agent address bar to always show the entire URI in a unmasked format.
Martin, as of 19 September 2023, the gHacks comments system is still severely mangled. Data subjects have considerable rights conferred on them; where those decisions are likely to affect them.
Let’s start again. “I set the User Agent address bar to always show the entire URI in [an] unmasked format.”
Hallowed be the memory of the Lost Souls.
“HTTPS doesn’t mean safe:
Many people assume that an HTTPS connection means that the site is secure. In fact, HTTPS is increasingly being used by malicious sites, especially phishing ones.”
[https://www.kaspersky.com/blog/https-does-not-mean-safe/20725/]
HTTPS doesn’t mean safe
Many people assume that an HTTPS connection means that the site is secure. In fact, HTTPS is increasingly being used by malicious sites, especially phishing ones.
HTTPS doesn’t mean safe
Many people assume that an HTTPS connection means that the site is secure. In fact, HTTPS is increasingly being used by malicious sites, especially phishing ones.
website still wacked huh?
Article: Firefox 119 will launch with an important address bar change
https://www.ghacks.net/2023/09/19/firefox-119-will-launch-with-an-important-address-bar-change/
Just one thing regarding the URL bar as it looks like now in latest Firefox, the relatively new feature where some extensions would add their icon inside the URL bar, how bad can it get?
https://imgur.com/uIlWI58
https://postimg.cc/YvYnpzGh
https://ibb.co/QQT584N
ps. uploaded same pic to several links just to make sure some will work.
(For those who can’t see the pic it’s a snapshot showing a URL bar full of extensions, and also Firefox own built in icons that would appear inside the URL bar depending in some cases on which type of website is being viewed, there’s no space left for the actual thing the URL bar is supposed to view, namely the URL address itself)
Yes, I have several extensions on the toolbar, but the menu bar is pretty full and I want to keep some on the toolbar too, and usually Firefox would also push excessive extensions behind a drop-down menu for access to them as well, but as it looks like now the URL bar is given too little space priority, or is there a way to restrict to a minimum URL bar size?