LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 04-11-2021, 09:29 AM   #1
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,753

Rep: Reputation: Disabled
Anyone have a browser extension which covers the url input box?


Seen one of those recently, can't recall the name, but it was a multi-platform web extension originating from mozilla addons website.
What it does, well it renders another url input box on top of firefox url bar to disguise itself as a standard url bar.
It's definitely logging, harvesting data and storing it somewhere on some 3rd party server.

What to do about this, and since GDPR was forged, how is it even legal for mozilla to ship this within EU?
It's not really my problem, as I'm not a firefox user and I don't have any such extensions...
Just wondering if something can be done about it before it spreads everywhere and becomes a new trend.
 
Old 04-11-2021, 10:37 AM   #2
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 3,599

Rep: Reputation: 2546

I've never looked this up before, but it took a few seconds to go to addons.mozilla.org, jump to the footer navigation and identify the "Developer Policies" link as the most likely target, which promptly led me to these two URLs...

https://extensionworkshop.com/documentation/publish/add-on-policies/#no-surprises
https://extensionworkshop.com/documentation/publish/add-ons-blocking-process/#requesting-a-block

 
Old 04-12-2021, 01:14 AM   #3
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Quote:
Originally Posted by elcore
What it does, well it renders another url input box on top of firefox url bar to disguise itself as a standard url bar.
It's definitely logging, harvesting data and storing it somewhere on some 3rd party server.

It's not an addon, it's called "Google".

OK seriously, not on FF but on your Android browser this is definitely happening.
And on FF too, to some extent - depending on your settings - what you enter in the URL bar is sent to the search engine first (can be DDG too), then evaluated as a URL.

I agree with your sentiment, but unfortunately most people expect their URL bar to behave like that.
 
Old 04-12-2021, 02:33 AM   #4
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,753

Original Poster
Rep: Reputation: Disabled
No, it's not owned by google, and not built-in to firefox. It's a new interface component on top, which looks exactly like url bar & covering the standard url bar.
Not related to built-in browser.urlbar component in any way, except it looks exactly like that. Once disabled in about:addons it is gone.

So yeah, the no-surprises directive seems relevant, however I'm neither a publisher nor user of webextensions, I don't even have an account there so I guess it's not my responsibility.
I'm not trying to be a webextension curator either, just asking if someone has seen it before as it might help me figure out the extension name and filter the server it's using.
 
Old 04-12-2021, 06:26 AM   #5
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 3,599

Rep: Reputation: 2546
Quote:
Originally Posted by elcore
It's a new interface component on top, which looks exactly like url bar & covering the standard url bar.

Is that even possible in today's Firefox? What makes you believe this is occurring?

Quote:
I'm neither a publisher nor user of webextensions, I don't even have an account there so I guess it's not my responsibility.
I'm not trying to be a webextension curator either, just asking if someone has seen it before as it might help me figure out the extension name and filter the server it's using.

What you appear to be saying is that you want help securing your own network, but you don't care about reporting malware for the benefit of everyone else?

 
Old 04-12-2021, 07:27 AM   #6
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,753

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by boughtonp
Is that even possible in today's Firefox? What makes you believe this is occurring?

Seen it, but the laptop hosting it is not my responsibility, don't have access to it & can't remember the extension name because it's been a while.

Quote:
Originally Posted by boughtonp
What you appear to be saying is that you want help securing your own network, but you don't care about reporting malware for the benefit of everyone else?

Look, my LAN is my responsibility, being an unpaid curator of things outside my domain really is not.
Maybe you think I should take the risk and report it for the greater good, but that's just giving me a reason to look over my shoulder for the rest of my days.
Furthermore, I don't need "help securing my network" whatever that implies, this is something you assumed with no quote to back it up.
 
Old 04-12-2021, 09:46 AM   #7
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 3,599

Rep: Reputation: 2546
Quote:
Originally Posted by elcore
Maybe you think I should take the risk and report it for the greater good, but that's just giving me a reason to look over my shoulder for the rest of my days.

What risk?

If you identify the addon, reporting it to Mozilla means it gets banned and disabled in almost all instances of Firefox. (Including those within your LAN, unless you're explicitly blocking Mozilla's blocklist.)

https://www.zdnet.com/article/mozilla-has-banned-nearly-200-malicious-firefox-add-ons-over-the-last-two-weeks

How does that give you "a reason to look over [your] shoulder for the rest of [your] days"?


Quote:
Furthermore, I don't need "help securing my network" whatever that implies, this is something you assumed with no quote to back it up.

You said: "I'm [...] asking if someone has seen it before as it might help me figure out the extension name and filter the server it's using."

I take "filter the server it's using" to mean you want to configure your firewall(s) to block traffic between the extension and wherever it dials home to.

If you mean something different by it, I can't figure out what that is.


Last edited by boughtonp; 04-12-2021 at 09:47 AM.
 
Old 04-12-2021, 11:41 AM   #8
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,753

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by boughtonp
What risk?

The possibility that the ones hosting it might have created it, in their spare time?

Quote:
Originally Posted by boughtonp
If you identify the addon, reporting it to Mozilla means it gets banned and disabled in almost all instances of Firefox.

Not trying to sound like a broken record, but I don't use any of these things you're talking about.

Quote:
Originally Posted by boughtonp
(Including those within your LAN, unless you've explicitly blocking Mozilla's blocklist.)

Locally, I must explicitly allow. But generally I agree that its domains should be blocked, preferably in a platform agnostic list such as malwaredomains.
But I don't have access to domain names the extension is using, so even if I went out of my way to pass the thing to malwaredomains maintainer, there's still nothing for me to pass.

Quote:
Originally Posted by boughtonp
If you mean something different by it, I can't figure out what that is.

Apparently, you have not seen that extension, and you don't have it. That's great, but doesn't really answer my question in the title.
 
Old 04-12-2021, 12:49 PM   #9
Bonzoo
Member
 
Registered: Sep 2018
Location: Costa Rica
Distribution: Antix21a2,Parrot rolling,MXfce19.4,Sparky Openbox
Posts: 233

Rep: Reputation: 48
extension called sendto in goofle/Brave/Chromium etc
https://adrianistan.eu/

Last edited by Bonzoo; 04-12-2021 at 12:51 PM.
 
Old 04-13-2021, 02:40 PM   #10
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Quote:
Originally Posted by Bonzoo
extension called sendto in goofle/Brave/Chromium etc
https://adrianistan.eu/

Had a look at the site, cannot see what it's got to do with anything. There's no "sendto" FF addon there.

Quote:
Originally Posted by boughtonp
If you identify the addon, reporting it to Mozilla means it gets banned and disabled in almost all instances of Firefox.

What more is there to say... seems like a big IF atm.
 
Old 04-14-2021, 07:40 AM   #11
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,753

Original Poster
Rep: Reputation: Disabled
That was not it, pretty sure it just looked legit but it was not, some kind of SaaS like onenote or something similar but possibly hijacked.
Reason why I think it was hijacked is because I don't really know of any SaaS which prevents access to FF address bar, they normally just add a sub-menu and icon.
Anyway, can't tell what it was with no access to it, I will write down the name next time.
 
  

