Is "Frhelper" on Firefox Add-ons Safe to Install?
法语助手——接入大语言模型的AI时代翻译工具,让翻译变得智能高效。这款功能强大的浏览器插件支持鼠标划词翻译、逐段对照翻译、视频双语字幕翻译以及PDF等主流格式文档翻译等多种实用功能,旨在为用户提供便捷的翻译体验。用户还可以自定义选择翻译引擎,调用欧路AI、DeepSeek等前沿大模型,快速获得精准的翻译结果。同时,插件与法语助手客户端同步学习记录,提供个性化学习支持。 ==新版本改进== [25.9.1] - 新增 硅基流动和智谱AI大模型免费使用 - 新增 腾讯混元、豆包、Kimi等翻译模型 - 新增 支持在划词弹窗、侧栏中双击查词 - 优化 支持WhatsApp输入框翻译 - 优化 优化部分网站翻译效果 - 修复 段落翻译按快捷键无法切换回原文的问题 - 修复 高亮重点单词会重复段落翻译的问题 - 修复 海外地区用户可以选择谷歌翻译引擎 [25.8.1] - 新增 智谱GLM-4-Flash模型免费使用 - 新增 智能上下文翻译,段落翻译更精准 - 优化 划词弹窗和侧栏加入词库列表菜单 - 优化 翻译样式支持译文透明效果 - 优化 优化部分网站翻译效果 - 修复 深色模式翻译显示问题 [25.7.0] - 新增 支持使用在手机APP中同步后的词库 - 新增 同传支持系统内录,实时翻译速度更快 - 修复 部分用户YouTube字幕丢失的问题 - 修复 深色主题查词显示问题 - 修复 查词无法显示笔记图片问题 [2.1.1] - 修复 双击查词失效的问题 - 修复 部分用户YouTube字幕丢失的问题 - 新增 支持自定义界面主题色 - 新增 支持再次按Shift隐藏段落翻译 - 改进 支持翻译结果流式输出 - 改进 支持拖动调整YouTube字幕框位置 - 改进 相同重点单词每页最多高亮3次 - 改进 改进网站翻译兼容问题 [2.1.0] - 修复 部分用户YouTube字幕丢失的问题 - 新增 支持自定义界面主题色 - 新增 支持再次按Shift隐藏段落翻译 - 改进 支持翻译结果流式输出 - 改进 支持拖动调整YouTube字幕框位置 - 改进 相同重点单词每页最多高亮3次 - 改进 改进网站翻译兼容问题 [2.0.9] - 新增 支持自定义界面主题色 - 新增 支持再次按Shift隐藏段落翻译 - 改进 支持翻译结果流式输出 - 改进 支持拖动调整YouTube字幕框位置 - 改进 相同重点单词每页最多高亮3次 - 改进 改进网站翻译兼容问题 - 修复 部分用户YouTube字幕丢失的问题 [2.0.7] - 新增 支持生词本高亮忽略已掌握单词 - 改进 支持高亮单词右侧显示精简释义 - 改进 优化带HTML元素的文本翻译效果 - 改进 优化高亮单词简明解释窗口 - 改进 优化翻译时的内存占用 [2.0.4] - 新增 支持网页翻译后仅显示译文模式 - 新增 支持在单词释义弹窗中直接编辑笔记 - 新增 文档翻译支持直接导出 docx、pptx、xlsx 格式 - 新增 文档翻译支持自定义发音引擎朗读原文和译文 - 改进 优化 YouTube、X、arXiv 等网站翻译效果 - 改进 优化 YouTube 视频字幕断句问题 - 改进 修复重点单词高亮总会显示释义问题 [2.0.1] - 新增 翻译引擎支持自定义第三方大语言模型 - 新增 支持添加DeepSeek V3作为翻译引擎 - 新增 全新PDF翻译引擎,支持对照阅读和沉浸式阅读 - 新增 文档翻译支持Epub、docx等多种格式 - 新增 支持在使用DeepSeek R1模型时,显示思考过程 - 新增 翻译功能支持调用本地Ollama大模型引擎 - 改进 改进网站翻译兼容问题 [2.0.0] - 新增 翻译引擎支持自定义第三方大语言模型 - 新增 支持添加DeepSeek V3作为翻译引擎 - 新增 全新PDF翻译引擎,支持对照阅读和沉浸式阅读 - 新增 文档翻译支持Epub、docx等多种格式 - 改进 改进网站翻译兼容问题 [1.4.0] - 支持自定义提示词风格 [1.3.1] - 支持更多第三方翻译模型 - 优化网站兼容问题 [1.3.0] - 支持最新 gpt-4o-mini 模型 [1.2.8] - 在手机上使用插件时,支持单击查词功能 [1.2.5] - 更新第三方翻译引擎 [1.2.2] - 新增 小牛翻译、GPT-4o、Deepseek等翻译引擎 - 新增 视频翻译可以区分网站单独开启或关闭 - 新增 重点单词支持自动发音 - 新增 PDF阅读支持划词翻译 [1.2.1] - AI语境整合到AI解释中 [1.1.9] - 划词搜索新增 「语境」,更好理解上下文(限时免费) [1.1.6] - 新增 PDF分屏翻译功能 - 新增 支持扫描格式PDF文件翻译 - 改进PDF文件阅读功能 - 允许自定义AI翻译引擎的地址 [1.1.5] - 新增 PDF分屏翻译功能 - 新增 支持扫描格式PDF文件翻译 [1.1.2] - 支持用户以生词本分组单词作为重点单词高亮 - Youtube字幕支持修改样式 字体大小等 [1.1.0] - 新增 单词查询框 - 新增 PDF页面支持划词搜索 - 新增 通过快捷键加入生词本 - 新增 Apple ID登录 - 新增 夜间模式 [1.0.7] - 新增YouTube字幕支持 - 支持自定义翻译快捷键 - 支持快速关闭段落翻译功能 - 支持划词图标 - 改进PDF翻译功能 - 支持默认生词本设置 ==插件主要功能介绍== 📰 网页翻译 - 一键快速翻译网页,双语逐段对照,轻松对比原文与译文; - 划选生词查看释义,配合AI语境分析,帮助精确理解单词; - 根据设置的词汇等级,高亮显示重点单词,助力词汇积累; - 支持翻译输入框内容,灵活设置目标语言、分割符及触发键。 🎞 视频字幕翻译 - 支持主流在线视频平台(如油管、B站等)自动生成双语字幕; - 选中字幕生词查看释义,配合AI语境分析,帮助精确理解单词。 📚 在线文本翻译 - 实时翻译,覆盖全球主要语言,助力无障碍跨语言交流; - 支持自定义术语库,匹配领域用词,更符合专业翻译要求。 📃 免费PDF文档翻译 - 采用沉浸式翻译排版,原文、译文对照呈现,方便阅读学术论文、技术手册等; - 可灵活设置译文字体、颜色等样式,打造专属的个性化阅读界面; - 支持一键导出双语对照翻译文档,方便后续的保存、分享和使用。 💡 翻译引擎&风格自定义 - 搭载数款前沿大模型引擎,可自行配置API KEY。深度理解复杂文本,重新定义智能翻译边界; - 内置丰富官方翻译风格(口语化、书面化、分段解析翻译等),支持自定义翻译风格提示词。
Risk Assessment
Pending0 security findings detected across all analyzers
Firefox extension requesting 9 permissions
No Threats Detected
This extension passed all security checks
About This Extension
No Findings
All security checks passed
AI Security Report
AI Security Analysis: Frhelper
Analysis generated: 2025-12-11T21:04:30+13:00
Model: gemini-3-pro-preview
Quick Facts
| Property | Value |
|---|---|
| UUID | 76287de0-b0ab-5df1-b0a5-a6563ceb7535 |
| Type | firefox |
| Version | |
| Users | 84 |
| Risk Score | 100.0/100 (CRITICAL) |
| Malware Detected | ⚠️ Yes |
| Secrets Exposed | ✅ No |
| Critical Vulns | ✅ No |
AI Analysis
Executive Summary
The "Frhelper" Firefox extension presents a CRITICAL security risk to the organization. The analysis has identified 4,602 security findings, with a significant number of high-severity indicators suggesting the extension possesses capabilities typically associated with malware, including system command execution, registry modification, and file manipulation. The publisher is unverified, and the user base is negligible (84 users), further increasing the likelihood that this is either a malicious tool or a compromised version of legitimate software. Immediate removal and blocking of this extension are required.
Threat Assessment
The security posture of this extension is extremely poor. The analysis reveals a pattern of behavior that extends well beyond the standard permissions of a browser extension, suggesting it may attempt to break out of the browser sandbox or deploy a native payload.
- System Integrity Compromise: The presence of
postinstall_system_command,postinstall_registry_modification, andpostinstall_persistence_mechanismindicates that this software attempts to modify the host operating system, execute arbitrary commands, and ensure it remains active even after a reboot. - Data Exfiltration Risk: Findings related to
postinstall_file_download,postinstall_network_communication, andpostinstall_file_manipulationsuggest the capability to download external payloads, read local files, and transmit data to external servers. - Evasion Techniques: The presence of
postinstall_obfuscationandNoUseEval(often used to hide malicious code execution) indicates an attempt to hinder security analysis and hide the extension's true logic. - Supply Chain/Impersonation Risk: The developer name "欧路软件" (Eudic Software) corresponds to a legitimate dictionary software company. However, the publisher is unverified and the user count is extremely low. This strongly suggests this may be a fake or trojanized version of a legitimate tool intended to target specific users.
Risk Justification
Risk Score: 100.0/100 (CRITICAL)
This score is fully justified and accurate based on the findings. A standard browser extension should operate within a sandbox. The findings indicate this extension violates that boundary.
- Severity of Capabilities: The ability to write to the registry and execute system commands is the highest tier of risk.
- Volume of Indicators: Over 300 HIGH-severity matches is exceptionally rare and indicates a codebase saturated with dangerous patterns.
- Lack of Trust: Zero trust score and an unverified publisher negate any benefit of the doubt.
Key Findings
- System Command Execution (Multiple Counts): YARA rules flagged code capable of executing shell or system-level commands (
postinstall_system_command). This allows the attacker to control the underlying OS, not just the browser. - Persistence Mechanisms: The extension contains code designed to establish persistence (
postinstall_persistence_mechanism,postinstall_registry_modification), likely adding itself to startup folders or registry run keys to survive reboots. - File System Manipulation: The extension can read, write, and download files (
postinstall_file_manipulation,postinstall_file_download). This is often used to drop second-stage malware or steal sensitive documents. - Obfuscation: The code is obfuscated (
postinstall_obfuscation), which is a deliberate step to prevent security tools and analysts from understanding the code's intent. - Cryptographic Operations: The presence of
postinstall_crypto_operationsin this context is concerning; while it could be for legitimate communication, combined with the other findings, it suggests potential ransomware capabilities or encrypted Command & Control (C2) traffic.
Recommendations
- Immediate Removal: Force-uninstall this extension from all endpoints immediately.
- Blocklist: Add the UUID
76287de0-b0ab-5df1-b0a5-a6563ceb7535to the organization's browser blocklist policy. - Incident Response: For any machine where this was installed:
- Isolate the machine from the network.
- Scan for persistence mechanisms (Registry Run keys, Scheduled Tasks, Startup folders).
- Review network logs for traffic to unknown IPs/domains originating from that host.
- Credential Reset: As the extension had file access and network capabilities, assume browser-stored credentials on affected machines are compromised. Reset passwords for users who had this installed.
Mitigation Strategies
Given the Critical risk level and the nature of the findings (system-level compromise), there is no safe way to mitigate the risk while using this specific extension.
- Alternative Software: If the user requires a French dictionary tool (implied by the name "Frhelper"), source a verified extension from a trusted vendor (e.g., Google Translate, DeepL) or use the official, verified desktop application from a reputable vendor, ensuring the download source is valid.
- Sandboxing (Theoretical): If this specific UUID must be analyzed or used for research, it must be done inside a non-persistent, air-gapped Virtual Machine with no access to production data or credentials.
Confidence Assessment
Confidence Level: 80%
- Supporting Factors: The sheer volume of specific YARA matches (Registry, Persistence, System Command) provides a strong signal. The combination of these specific flags rarely occurs in benign extensions.
- Limiting Factors: Static analysis (YARA) detects code patterns, not intent. It is theoretically possible (though unlikely given the unverified status) that this is a legitimate "helper" tool that aggressively installs a native host application to function. However, without source code review or dynamic analysis (observing it run), we must assume the worst-case scenario based on the capabilities detected. The "postinstall" naming convention in the rules strongly implies a script running after installation, which is a high-risk behavior.
Disclaimer
This analysis was generated by an AI model and should be reviewed by security professionals. The findings are based on automated security scanning and may include false positives. Always verify critical findings manually before taking action.
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace