Closed
Bug 1314555
Opened 8 years ago
Closed 6 years ago
mcafee extension is active even if the user has disable/uninstall it, because McAfee is injecting into extensions.ini
Categories
(Toolkit :: Add-ons Manager, defect, P3)
Tracking
()
RESOLVED
INACTIVE
People
(Reporter: syfre92, Unassigned)
Details
(Keywords: privacy, Whiteboard: triaged)
Attachments
(6 files)
about-debugging1.png
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0 Build ID: 20160823121617 Steps to reproduce: mcafee Endpoint Security Web Control is installed on my computer (by my organization) (the extension is wcffplg.xpi) * I uninstall mcafee extension in firefox options * I delete the corresponding entry in registry (HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions) Actual results: After reboot and firefox restart, the extension is loaded and active wcffplg.xpi could be found in loaded modules with Process explorer Extension is active, could be seen in google result pages Expected results: The extension MUST not be loaded This a major threat because if mcafee can do it, a malware extension can also do it Chrome do not allow that. (and in my opinion mcafee is a malware)
|
||
Updated•8 years ago
|
Summary: mcafee extension is active even if the user as disable/uninstall it → mcafee extension is active even if the user has disable/uninstall it
Component: Extension Compatibility → Add-ons Manager
Product: Firefox → Toolkit
|
||
Comment 1•8 years ago
|
||
If this is still reproducible can you please do the following to help use diagnose it: 1. Go to about:config, create a new boolean preference called extensions.logging.enabled, set its value to true 2. Restart the browser 3. Open the browser console (ctrl-shift-J or cmd-shift-J), paste the contents into a text file, and attach it to this bug
Flags: needinfo?(syfre92)
firefox.pml : capture of firefox boot by procmon Nouveau.....txt : the log you request 1,2,3,4 : screenshot of the actions of the wcffplg.xpi extension procmon.zip : if you don't have procmon
|
||
Updated•8 years ago
|
Priority: -- → P3
Whiteboard: triaged
|
||
Comment 3•8 years ago
|
||
I don't see any mention of the mcafee extension in the add-ons manager logs you provided or in the screenshot of the add-ons page. So how is it being loaded?
Yes, you don't see it in the add-ons page and in your log but you can see it is loaded in the procmon trace and that the wcffplg.xpi is in the process space and that the extension is active. So this is really the point, how it is loaded ?
|
||
Comment 6•7 years ago
|
||
Please attach copies of extensions.json and extensions.ini from your profile folder. That will tell us for sure if it is the add-ons manager that is loading it and why.
|
|
||
Comment 7•7 years ago
|
||
Also please tell me if you can see the extension in about:debugging.
|
||
Comment 8•7 years ago
|
||
I am facing the same "issue". Your sysadmin must have enabled this plugin by some policy. The McAfee will just keep installing and enabling the plugin. Very anoying if you can't control this yourself, since the McAfee conflicts with some other plugins like LastPass. More info: https://kc.mcafee.com/corporate/index?page=content&id=KB87568
Yes, it's enable by the group policy, but as noted in the mcafee document , chrome doesn't allow to override the user consent; what is not clear is how the "ENS Web Control service" enable the extension if the user has disable it. If Mcafee can do that any malware can also do it, for me it's a bug unless mozilla guys say it's a regular feature.
|
|
||
Comment 10•7 years ago
|
||
If you are all seeing the same issue as the reporter, that is that the mcafee extension appears to be running but does NOT appear in the add-ons manager then please answer comments 6 and 7.
|
Reporter | |
Comment 11•7 years ago
|
||
extensions.ini
|
|
Reporter | |
Comment 12•7 years ago
|
||
extensions.json
|
|
Reporter | |
Comment 13•7 years ago
|
||
about:debugging
|
|
Reporter | |
Comment 14•7 years ago
|
||
about:debugging 2
|
|
Reporter | |
Comment 15•7 years ago
|
||
To answer comment 7, no i don't see it, i have attached the screen shot
|
|
||
Comment 16•7 years ago
|
||
It looks like McAfee is injecting their add-on into extensions.ini which makes it load on startup regardless of whether the extension manager thinks it is installed or not.
Flags: needinfo?(syfre92)
|
||
Comment 17•7 years ago
|
||
(In reply to Dave Townsend [:mossop] from comment #16) > It looks like McAfee is injecting their add-on into extensions.ini which > makes it load on startup regardless of whether the extension manager thinks > it is installed or not. So this is not a mozilla bug, correct?
Summary: mcafee extension is active even if the user has disable/uninstall it → mcafee extension is active even if the user has disable/uninstall it, because McAfee is injecting into extensions.ini
|
|
||
Comment 18•7 years ago
|
||
(In reply to Wayne Mery (:wsmwk, NI for questions) from comment #17) > (In reply to Dave Townsend [:mossop] from comment #16) > > It looks like McAfee is injecting their add-on into extensions.ini which > > makes it load on startup regardless of whether the extension manager thinks > > it is installed or not. > > So this is not a mozilla bug, correct? It's debatable. In an ideal world we'd be able to stop this sort of behaviour and blocklist the offender, but it's difficult to do.
|
||
Comment 19•6 years ago
|
||
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → INACTIVE
You need to log in
before you can comment on or make changes to this bug.
Description
•