Earlier this year, there was an extension that was found to be performing in a malicious way on older versions of Firefox. To attempt to remediate the changes made by the malicious extension,we shipped a remediation extension using GoFaster [1] to users on the release channel of Firefox 44, 45 (but NOT the ESR channel) and 46. After that time the blocklist came into effect for the extension.
After consulting with Mozillians familiar with the enterprise it was decided not to ship to the ESR channel given that the organization manages the desktop in its entirety. It was recommended that we makes members of the enterprise mailing list aware of the issue so they can push the remediation extension out if they'd like to, or deal with it in a way they see fit. The bugs for the original malicious add-on [2] and the remediation we took [3] are in bugzilla and are now public. We added metrics to the remediation extension so we could track the results [4]. Once we shipped the extension we found low infection rates for the extension amongst the population. If there's any questions, please let me know. [1] https://wiki.mozilla.org/Firefox/Go_Faster/Process [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1251911 [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1258565 [4] https://gecko.readthedocs.io/en/latest/toolkit/components/telemetry/telemetry/data/addons-malware-ping.html _______________________________________________ Enterprise mailing list Enterprise@mozilla.org https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to enterprise-requ...@mozilla.org with a subject of "unsubscribe"
