We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Security issue with .xul overlay that redirects google results to malicious websites

  • 3 replies
  • 2 have this problem
  • 1 view
  • Last reply by Morbus

more options

There's a security issue that needs fixing: it's quite easy to be infected by an .xul overlay that redirects google results to malicious websites. Closing Firefox and deleting the corresponding folders (order by date and select the one created when you noticed the problem for the first time) and it's fixed. Those folders are located in C:\Program Files\Mozilla Firefox\extensions

This happened

Every time Firefox opened

== Some .xul overlay got installed by something

There's a security issue that needs fixing: it's quite easy to be infected by an .xul overlay that redirects google results to malicious websites. Closing Firefox and deleting the corresponding folders (order by date and select the one created when you noticed the problem for the first time) and it's fixed. Those folders are located in C:\Program Files\Mozilla Firefox\extensions == This happened == Every time Firefox opened == Some .xul overlay got installed by something

All Replies (3)

more options

Hello J.F.

I believe this support article is what you need:

http://support.mozilla.com/en-US/kb/Searches+are+redirected+to+another+site

more options

Thanks, but manually deleting the extension folder that got installed solved the problem for me.

I was just trying to let the dev know about that security issue.

I had run several anti malware / virus scans but none detected this.

more options

Firefox doesn't allow direct installation of extensions to the C:\Program Files\Mozilla Firefox\extensions\ folder and the only extension in that folder when Firefox is installed is part of the defaut theme. Another program on your PC must have installed an extension "globally" so it would be installed in all Profiles, by dropping the "extension" into that folder - which Firefox will install on the next startup.

Do you have any more information about what was installed? Inspecting the contents of the install.rdf file usually reveals information about the source of that extensions and the .xul overlay file you are calling malicious.

One suggestion is to "lock" that C:\Program Files\Mozilla Firefox\extensions \ folder so other programs being installed on your PC can't just "drop" files into that folder. It won't affect you being able to install extensions, because every extension I have ever seen has installed to the Profile - the user has to do a command line installation to make the extension "global" - for all users.