“Be careful when you fight the monsters, lest you become one.” -Friedrich Nietzsche
The developers of popular Mozilla extension AdBlock Plus had been receiving bug reports of “issues” with another popular extension, NoScript, after an update was issued by the developer of the script-blocking software. The AdBlock Plus developers decided to take a look into what was wrong and found something extremely disturbing. The 1.9.2 update of NoScript had incorporated an obfuscated piece of code that actually made changes to AdBlock Plus to allow for ads on the NoScipt and related sites to be shown. In otherwords, it does what a viruses and other malware does to antivirus software only in reverse; instead of blocking access to update sites, it forced AdBlock Plus to allow ads to be shown for the developer’s site explicitly. This most likely would have flown under the radar had it not completely broken Adblock Plus and get caught doing unethical things to other software for self-interest. The issue snowballed when the issue made it to Reddit and caused an outrage amongst faithful users of both extensions. To make things worse, the developer only slightly backtracked; allowing the user to allow or disallow the code modification upon installation of NoScript. The developer eventually removed the code completely in version 1.9.2.6, but not without severely impacting user opinion of the software and spurring discussion of a policy change regarding Mozilla Extensions.
More after the jump.
