Closed Bug 1618814 Opened 4 years ago Closed 4 years ago

Extension block request: Add-ons executing remote code


(Toolkit :: Blocklist Policy Requests, task)

Not set





(Reporter: TheOne, Assigned: TheOne)


(Whiteboard: [extension])

Extension name Add-ons executing remote code
Extension versions affected <all versions>
Platforms affected <all platforms>
Block severity hard


I’ve reviewed the add-ons and confirmed they are executing remote code.

Extension GUIDs


The block has been staged. Simon, can you review and push?

Flags: needinfo?(sbennetts)


Group: blocklist-requests
Closed: 4 years ago
Flags: needinfo?(sbennetts)
Resolution: --- → FIXED


It looks like this update has removed an extension I have enjoyed the use of for a long time, "Dark Mode".
The add-ons page offers very little explanation, nor does the link following it:
Could you please offer some enlightenment as to why this add-on has been removed?


  • Jack
Flags: needinfo?(awagner)

What's happening with this "Dark Mode Dark Reader" extension? Is it secure or is it stealing user's data?
It would be a shame to see it go, it is an extremely useful really great extension to Firefox. So good in fact that it should be built in..

Flags: needinfo?(scolville)
Flags: needinfo?(scolville)
Flags: needinfo?(awagner)

Thank you.
It has exactly the same user interface as "Dark Mode" which got reported in this bug. Is it the same extension then?
More importantly was "Dark Mode" a copy that way stealing our data? Should we change all passwords now??!

I was also using the Dark Mode extension, which seems to to be a sightly outdated clone of Dark Reader now that I've installed the real extension... So it seems pretty apparent it was just a clone of the official extension bundled with malicious intent. I'm actually pretty surprised I fell for that, but it seemed legitimate at the time. What was the nature of the remote code execution? I've been running the extension for a while now and wonder what kinds of security breaches may have occurred? Are there any samples of the code that the extension was pulling end executing?

gvandereay's question is very important. Please let us know what exactly "Dark Mode" was doing and if our data security could be compromised.

We appreciate your comments but this is not a discussion forum. The block reason is stated in the initial comment. Please see the Reason section. The nature of remote code is that it can be different for any user and can change at any time. Therefore, execution of remote code is forbidden by our policies.

Our general discussion forums are at
Thank you for your understanding.

Restrict Comments: true
You need to log in before you can comment on or make changes to this bug.