Any unknown activities caused by risky add-ons or extensions serve malicious purpose. They sometimes aim to change or alter your browsing behavior by modifying the home page and/or change your search engine. Taking note of this, Firefox has decided to introduce a new feature that would warn users against search engine hijacking.
Beginning with Firefox 19, Firefox users will see a warning when any add-on modifies or attempts to modify the keyword.URL preference. Search hijacking is the intentional hijacking of the search queries and sending them to some third-party proxy company instead of the search engine for generating revenue and traffic for selected Network Operators.
The feature prevents your search results from being hijacked and redirected. Browsers such as Internet Explorer and Chrome too have a feature where it notifies a user whenever the default search engine is changed by any external application. Now the same search hijack preventing feature will be introduced in Firefox.
The feature has already landed in the current nightly build. Gavin Sharp of Mozilla explains,
“Users falling victim to ‘search hijacking’ (keyword.url being taken over by an unwanted search engine) is a common problem.”
He further explains that some of these cases are triggered by aggressive malware that want to steal search referrals – but other cases can be resolved by us simply resetting the pref to its default value. The scenarios could be:
- Poorly written add-ons that legitimately change the pref, but programmatically such that removing the add-on doesn’t revert the change
- Sketchy software installations might do a one-time change of the pref value in the user’s profile
- Users may have unintentionally change the pref value, or may have been encouraged to modify it by a “tweaks” site, without realizing that this leaves them susceptible to brokenness in the future (google.com/Firefox is no longer being maintained, and might go away at some point)
There are two cases Firefox will be able to detect:
- Pref is changed, and the hostname is different (e.g. switched from the default of Google to SuperAwesomeWebDealsSearch.com)
- Pref is changed, and only parameters are different (e.g. user customized to a specific type of Google search, or referral codes where added)
In either case, Firefox would prompt the user and offer to reset the keyword.URL value to the default after they trigger a search from the location bar (with perhaps a slightly different string for each).