mcafee extension is active even if the user has disable/uninstall it, because McAfee is injecting into extensions.ini

RESOLVED INACTIVE

Status

()

defect
P3
major
RESOLVED INACTIVE
3 years ago
5 months ago

People

(Reporter: syfre92, Unassigned)

Tracking

({privacy})

48 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: triaged)

Attachments

(6 attachments)

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Build ID: 20160823121617

Steps to reproduce:

mcafee Endpoint Security Web Control is installed on my computer (by my organization)
(the extension is wcffplg.xpi)
* I uninstall mcafee extension in firefox options
* I delete the corresponding entry in registry
(HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions)




Actual results:

After reboot and firefox restart, the extension is loaded and active
wcffplg.xpi could be found in loaded modules with Process explorer
Extension is active, could be seen in google result pages



Expected results:

The extension MUST not be loaded
This a major threat because if mcafee can do it, a malware extension can also do it
Chrome do not allow that.
(and in my opinion mcafee is a malware)
Severity: normal → major
Component: Untriaged → Extension Compatibility
Keywords: privacy
(Reporter)

Updated

3 years ago
Summary: mcafee extension is active even if the user as disable/uninstall it → mcafee extension is active even if the user has disable/uninstall it

Updated

3 years ago
Component: Extension Compatibility → Add-ons Manager
Product: Firefox → Toolkit
If this is still reproducible can you please do the following to help use diagnose it:
1. Go to about:config, create a new boolean preference called extensions.logging.enabled, set its value to true
2. Restart the browser
3. Open the browser console (ctrl-shift-J or cmd-shift-J), paste the contents into a text file, and attach it to this bug
Flags: needinfo?(syfre92)
(Reporter)

Comment 2

3 years ago
firefox.pml : capture of firefox boot by procmon
Nouveau.....txt : the log you request
1,2,3,4 : screenshot of the actions of the wcffplg.xpi extension
procmon.zip : if you don't have procmon

Updated

3 years ago
Priority: -- → P3
Whiteboard: triaged

Comment 3

3 years ago
I don't see any mention of the mcafee extension in the add-ons manager logs you provided or in the screenshot of the add-ons page. So how is it being loaded?
(Reporter)

Comment 4

3 years ago
Yes, you don't see it in the add-ons page and in your log but you can see it is loaded in the procmon trace and that the wcffplg.xpi is in the process space and that the extension is active.
So this is really the point, how it is loaded ?
(Reporter)

Comment 5

3 years ago
May be it can help you
Please attach copies of extensions.json and extensions.ini from your profile folder. That will tell us for sure if it is the add-ons manager that is loading it and why.
Also please tell me if you can see the extension in about:debugging.
I am facing the same "issue". Your sysadmin must have enabled this plugin by some policy. The McAfee will just keep installing and enabling the plugin. Very anoying if you can't control this yourself, since the McAfee conflicts with some other plugins like LastPass.

More info: https://kc.mcafee.com/corporate/index?page=content&id=KB87568
(Reporter)

Comment 9

2 years ago
Yes, it's enable by the group policy, but as noted in the mcafee document , chrome doesn't allow to override the user consent; what is not clear is how the "ENS Web Control service" enable the extension if the user has disable it. If Mcafee can do that any malware can also do it, for me it's a bug unless mozilla guys say it's a regular feature.
If you are all seeing the same issue as the reporter, that is that the mcafee extension appears to be running but does NOT appear in the add-ons manager then please answer comments 6 and 7.
(Reporter)

Comment 11

2 years ago
Posted file extensions.ini
extensions.ini
(Reporter)

Comment 12

2 years ago
Posted file extensions.json
extensions.json
(Reporter)

Comment 13

2 years ago
Posted image about-debugging1.png
about:debugging
(Reporter)

Comment 14

2 years ago
Posted image about-debugging2.png
about:debugging
2
(Reporter)

Comment 15

2 years ago
To answer comment 7, no i don't see it, i have attached the screen shot
It looks like McAfee is injecting their add-on into extensions.ini which makes it load on startup regardless of whether the extension manager thinks it is installed or not.
Flags: needinfo?(syfre92)
(In reply to Dave Townsend [:mossop] from comment #16)
> It looks like McAfee is injecting their add-on into extensions.ini which
> makes it load on startup regardless of whether the extension manager thinks
> it is installed or not.

So this is not a mozilla bug, correct?
Summary: mcafee extension is active even if the user has disable/uninstall it → mcafee extension is active even if the user has disable/uninstall it, because McAfee is injecting into extensions.ini
(In reply to Wayne Mery (:wsmwk, NI for questions) from comment #17)
> (In reply to Dave Townsend [:mossop] from comment #16)
> > It looks like McAfee is injecting their add-on into extensions.ini which
> > makes it load on startup regardless of whether the extension manager thinks
> > it is installed or not.
> 
> So this is not a mozilla bug, correct?

It's debatable. In an ideal world we'd be able to stop this sort of behaviour and blocklist the offender, but it's difficult to do.

Comment 19

11 months ago
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 months ago
Resolution: --- → INACTIVE
See Also: → 1441237
See Also: → 1423384
You need to log in before you can comment on or make changes to this bug.