Firefox To Warn Users Against Search Engine Hijacking

Firefox already warns users when a third-party bundled add-on tries to install itself automatically. Now, Mozilla is going to take another step towards preventing unauthorized changes in user’s browser preferences. Starting with Firefox 19, which is currently in the nightly channel, Firefox will warn users when any add-on modifies the keyword.URL preference.

The keyword.URL preference decides which search engine should be used when a user enters keywords in the address bar. A malicious add-on may change the default search engine setting, and redirect users to a different search engine.

firefox-keywordurl-hijack-warning

This feature has already landed in the current nightly build. Mozilla’s Gavin Sharp explains this feature on the bugzilla page, “SUMO feedback shows that users falling victim to search hijacking (keyword.url being taken over by an unwanted search engine) is a common problem. Some of these cases are triggered by aggressive malware that wants to steal search referrals.”

On the other hand, users can modify the keyword.URL setting manually from the about:config page to use a different search engine from the address bar. Chrome also has a similar feature where the users are notified whenever the default search engine is changed by any external application.