Kaspersky statement on Kaspersky Protection Extension not recommended in Mozilla FireFox web browser
Kaspersky is aware that Kaspersky Protection Extension plugin has been listed as non-recommended in the Mozilla FireFox add-on store. According to Mozilla, Kaspersky Protection Extension doesn’t correspond to the criteria of recommended extensions for its browser, as listed below.
Despite being given non-recommended status, Kaspersky ensures its customers that using Kaspersky Protection Extension fully meets the declared functions of a Kaspersky product. In order to clarify how Kaspersky users are protected while using the Kaspersky plugin for this browser, we have responded to each of Mozilla’s specific claims below:
- According to Mozilla, Kaspersky Protection Extension potentially compromises user privacy or security.
The Kaspersky plugin analyses the document object model (DOM) of a web page for malicious elements. The analysis of DOM is carried out securely by the Kaspersky product in a similar way to how all potentially harmful files are analyzed. The transmission of potentially harmful parts of the DOM from the browser to the product is enabled through a special secure mechanism of web messagingб window.postMessage. This is the standard security mechanism recommended by Mozilla to transfer data from the browser to third-party services. The process of the anti-virus service itself is carried out as self-defense, which does not allow malicious processes to access its data. The transfer and processing of all user data from the browser is in line with the Kaspersky product EULA or KSN agreement, as accepted voluntarily by users.
- Mozilla finds that the Kaspersky plugin installs cookies that are not explicitly required for the add-on’s functionality.
In order to protect a user from having their bank card details being stolen the Kaspersky secure browser feature launches a separate safe browser in a secure environment to which the cookies from the original browser are transferred. The transfer of cookies is done for the sake of user convenience as it saves the context of a store’s web page where the user makes purchases. Cookies are also transferred through a secure process using the window.postMessage mechanism. Cookies are not processed or stored by the Kaspersky product but are only transferred from an original browser process to a safe one.
- Mozilla prohibits unexpected changes to the browser or web content.
Kaspersky only makes changes that are necessary to protect users from being directed to malicious websites. Therefore, the plugin can change the document object model of the suspicious page to prevent the user from opening it, for example by showing a warning banner, as well as mark the ‘good’ and ‘bad’ links in the search results. If a user activates the anti-banner feature in the Kaspersky product, the plugin will hide ad banners.
- Mozilla found that Kaspersky products include features or functionality not related to the add-on’s core function.
The plugin is only a part of a Kaspersky security product that enables safe data transferring from a browser to the product through the window.postMessage mechanism. We believe Mozilla didn't have opportunity to analyze the full functionality of the Kaspersky product when testing the functionality of the plugin, Mozilla cannot identify all working scenarios that are possible in the Kaspersky browser plugin that among others includes, for example, parental control, secure & virtual keyboard or URL advisor. We are happy to provide this information to Mozilla should there be a necessity.