BrowserFame reports the latest “nightly channel” of the Firefox browser, version 19, is warning browser users when it appears someone is hijacking the search engine results.
This is to warn users when they may be “falling victim” to “search hijacking” according to the feature page. The page goes on to explain how the feature works in more detail:
Some of these cases are triggered by aggressive malware that wants to steal search referrals, but other cases can be resolved by us simply resetting the pref to its default value once:
- poorly written add-ons that legitimately change the pref, but programmatically such that removing the add-on doesn’t revert the change
- sketchy software installations might do a one-time change of the pref value in the user’s profile
- users may have unintentionally change the pref value, or may have been encouraged to modify it by a “tweaks” site, without realizing that this leaves them susceptible to brokenness in the future (google.com/firefox is no longer being maintained, and might go away at some point)
There are two cases we can detect:
- pref is changed, and the hostname is different (e.g. switched from the default of Google to SuperAwesomeWebDealsSearch.com)
- pref is changed, and only parameters are different (e.g. user customized to a specific type of Google search, or referral codes where added)
In either case, we could prompt the user and offer to reset the keyword.URL value to the default after they trigger a search from the location bar (with perhaps a slightly different string for each).