Is "Navigate Up WE" on Firefox Add-ons Safe to Install?

DW-dev · firefox · v4.4

CHANGES

Version 4.4
  • Minor change.

OVERVIEW

Navigate Up WE provides a simple facility to navigate up one or more levels of the URL path.

Navigate Up WE is an alternative no-restart version of the well established Navigate Up add-on.

Navigate Up WE is implemented using the new WebExtensions API and is available for both Firefox and Chrome with identical functions and user interfaces.

OPTIONS PAGE

The Navigate Up WE Options page can be accessed as follows:

  • Firefox - On the menu bar select Tools > Add-ons (or press Ctrl+Shift+A), select the Extensions tab, and then click on the Options button.
  • Chrome - Right-click on the toolbar button, and then select Options.

TOOLBAR BUTTON

After installation of Navigate Up WE, there will be a new green 'up-arrow' button on the main toolbar.

If Navigate Up WE cannot be used with the current page, the toolbar button will be disabled (greyed-out).

To navigate up, just click on the Navigate Up WE icon. To open higher-level URLs in new tabs or windows, use modifier keys (or middle-click).

There is an option to set the button action as:

  • Navigate Up One Level
  • Navigate Up to Root

There is an option to double-click on the button to Navigate Up To Root.

CONTEXT MENU & BUTTON MENU

To navigate up to a specific level, right-click on the page contents to open the context menu, select the Navigate Up WE sub-menu, and then select one of the menu items.

Alternatively, right-click on the Navigate Up WE toolbar button to open the button menu, and then select one of the menu items.

The menus are divided into two sections:

  • The first contains two menu items for quick access - Navigate Up One Level and Navigate Up To Root.
  • The second contains menu items for each higher level URL, plus one or two menu items for related high level URLs.

There is an option to show/hide the Navigate Up WE submenu item on the context menu.

There are options to show/hide the Navigate Up One Level and Navigate Up To Root menu items.

There is an option to open higher-level URLs (shown in menus) in new background/foreground tabs.

There is an option to open higher-level URLs (shown in menus) in new tabs or windows using modifier keys (or middle-click).

KEYBOARD SHORTCUTS

To navigate up, press Alt+U. This shortcut can be reconfigured in the Shortcuts tab of the Navigate Up WE Options page.

SUPPORT

Please e-mail: [email protected]

LICENSE

Distributed under the GNU General Public License version 2.

See LICENCE.txt file and http://www.gnu.org/licenses/

Risk Assessment

Pending · 0 out of 100 · MINIMAL

0 security findings detected across all analyzers

Firefox extension requesting 6 permissions

No Threats Detected

This extension passed all security checks


No Findings

All security checks passed

AI Security Report

AI Security Analysis: Navigate Up WE

Analysis generated: 2025-12-11T20:02:47+13:00
Model: gemini-3-pro-preview


Quick Facts

UUID: ad93169d-84a8-51df-ae40-43cbc0e31c9a
Type: firefox
Version:
Users: 581
Risk Score: 100.0/100 (CRITICAL)
Malware Detected: ⚠️ Yes
Secrets Exposed: ✅ No
Critical Vulns: ✅ No

AI Analysis

Executive Summary

Risk Level: CRITICAL (100/100)

The "Navigate Up WE" extension presents an immediate and severe security threat. Automated analysis has detected 14 high-severity malware signatures indicating capabilities typically associated with system compromise, including system command execution, persistence mechanisms, and cryptographic operations. While the extension also contains over 7,000 indicators of compromise (IOCs) related to Japanese domains, these likely represent a bundled domain validation library rather than active targeting. However, due to the presence of potential malware payloads and the unverified status of the developer, this extension should be considered unsafe for use in any enterprise environment.

Threat Assessment

1. Potential Malware Payload (High Severity)

The most concerning aspect of this analysis is the presence of 14 YARA rule matches tagged with postinstall prefixes.

  • System Manipulation: Findings such as postinstall_system_command, postinstall_file_manipulation, and postinstall_persistence_mechanism suggest the extension contains code designed to operate outside the standard browser sandbox.
  • Malicious Behavior Patterns: The combination of obfuscation, crypto_operations, and file_download signatures is highly characteristic of "droppers" or Remote Access Trojans (RATs) that attempt to download additional payloads, hide their code, and establish persistent access to the host machine.
  • Contextual Anomaly: A simple utility extension designed to navigate up URL hierarchies ("Navigate Up") has no legitimate business justification for containing code that executes system commands or establishes persistence.

2. Supply Chain / Library Noise (Medium Severity)

The analysis flagged over 7,300 domains (e.g., kaga.ishikawa.jp, nakai.kanagawa.jp) as Indicators of Compromise.

  • Likely Cause: These domains appear to be entries from the Public Suffix List (PSL) or a similar domain validation dataset. It is highly probable that the developer bundled a massive library (like psl in Node.js) which contains these domains.
  • Assessment: While these inflate the finding count, they likely represent "noise" (benign data) rather than active malicious network infrastructure. However, the sheer volume obscures other potential threats.

3. Developer Trust

  • Unverified Publisher: The developer "DW-dev" is not verified.
  • Low Reputation: With only 581 users, there is insufficient community vetting to establish trust.

Risk Justification

The CRITICAL (100/100) risk score is JUSTIFIED.

Although the high volume of IOCs (7,000+) appears to be a false positive related to a bundled library, the 14 High-Severity Malware Signatures cannot be ignored. The presence of code signatures for system commands, persistence, and obfuscation within a browser extension is a "never-event" in secure software development. Until proven otherwise via manual code review, this artifact must be treated as active malware.

Key Findings

  • System Command Execution (Multiple Counts): YARA rules detected code patterns used to execute commands on the underlying operating system (postinstall_system_command), violating the browser security model.
  • Persistence Mechanisms: The postinstall_persistence_mechanism finding indicates an attempt to ensure the malicious code survives browser restarts or system reboots.
  • Obfuscation & Crypto: The presence of postinstall_obfuscation and postinstall_crypto_operations suggests an intent to hide malicious logic from scanners and analysts.
  • Massive Domain List Inclusion: The extension contains thousands of references to Japanese regional domains (.ishikawa.jp, etc.), likely indicating the improper bundling of a domain parsing library, which complicates security scanning.

Recommendations

  1. IMMEDIATE BLOCK: Add the extension UUID (ad93169d-84a8-51df-ae40-43cbc0e31c9a) to the organization's browser blocklist immediately.
  2. REMOVAL: Force-uninstall this extension from any endpoints where it is currently detected.
  3. INCIDENT RESPONSE: If this extension is found on high-value targets (executive laptops, developer workstations), initiate an incident response procedure to check for:
    • Unusual scheduled tasks or registry keys (Persistence).
    • Unrecognized background processes.
    • Unexpected network traffic.
  4. NETWORK BLOCKING: While the Japanese domains are likely benign library data, ensure endpoint protection systems are active to catch the postinstall_file_download attempts flagged in the analysis.

Mitigation Strategies

There are no safe mitigation strategies for using this specific version of the extension due to the high probability of embedded malware.

If "Navigate Up" functionality is strictly required for business operations:

  1. Identify Alternatives: Seek a verified extension from a trusted publisher (e.g., "Mozilla Recommended") that offers similar URL navigation features.
  2. Strict Isolation: If this specific UUID must be analyzed or used, it must be done inside a non-persistent, network-isolated Virtual Machine (VM) that is destroyed immediately after use.

Confidence Assessment

Confidence Level: 80%

  • Supporting Factors: The specific combination of YARA tags (system_command + persistence + obfuscation) is a very strong indicator of malicious intent or a compromised supply chain (e.g., a malicious NPM package bundled into the extension).
  • Limiting Factors: Without manual source code review, there is a slight possibility that the developer included a setup script (like a package.json with postinstall scripts intended for development) inside the final production build by mistake. While this would be gross negligence in build security, it could trigger these alerts without the extension actively executing them in the browser. However, given the risk profile, we must assume the worst-case scenario.

Disclaimer

This analysis was generated by an AI model and should be reviewed by security professionals. The findings are based on automated security scanning and may include false positives. Always verify critical findings manually before taking action.

Frequently Asked Questions