Add-ons malware ping¶
This ping is generated by an add-on created by Mozilla and shipped to users on older versions of Firefox (44-46). The ping contains information about the profile that might have been altered by a third party malicious add-on.
Structure:
{
type: "malware-addon-states",
...
clientId: <UUID>,
environment: { ... },
// Common ping data.
payload: {
// True if the blocklist was disabled at startup time.
blocklistDisabled: <bool>,
// True if the malicious add-on exists and is enabled. False if it
// exists and is disabled or null if the add-on was not found.
mainAddonActive: <bool | null>,
// A value of the malicious add-on block list state, or null if the
// add-on was not found.
mainAddonBlocked: <int | null>,
// True if a malicious user.js file was found in the profile.
foundUserJS: <bool>,
// If a malicious secmodd.db file was found the extension ID that the // file contained..
secmoddAddon: <string | null>, .
// A list of IDs for extensions which were hidden by malicious CSS.
hiddenAddons: [
<string>,
...
],
// A mapping of installed add-on IDs with known malicious
// update URL patterns to their exact update URLs.
updateURLs: {
<extensionID>: <updateURL>,
...
}
}
}