Closed
Bug 1117285
Opened 9 years ago
Closed 9 years ago
Blocklist malicious add-ons
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: toadyshadow101, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0 Build ID: 20141126041045 Steps to reproduce: Request blocklisting on following addons gtffxtbr@GamingWonderland.com 4zffxtbr@VideoDownloadConverter_4z.com 5zffxtbr@CouponXplorer_5z.com 39ffxtbr@MapsGalaxy_39.com 65ffxtbr@FromDocToPDF_65.com 1gffxtbr@InboxAce_1g.com 9tffxtbr@InternetSpeedTracker_9t.com Actual results: Reports with these addons installed can be found here https://crash-stats.mozilla.com/report/index/f301c4a8-748d-4ecb-943b-b9b722150102 https://crash-stats.mozilla.com/report/index/6adab6f0-58da-4934-b23f-78e482150101 https://crash-stats.mozilla.com/report/index/21328012-741d-4455-a3c1-4f6d62141228 https://crash-stats.mozilla.com/report/index/3036fbba-3aaa-463d-8e85-c1e342141230 https://crash-stats.mozilla.com/report/index/aec53780-f2a7-4d6e-8a7f-17bb02141230 https://crash-stats.mozilla.com/report/index/d6da4559-29e2-4171-bd12-cd2752150102 A friends Firefox would constantly crash and when looking at his installed addons found a GUID 9tffxtbr@InternetSpeedTracker_9t.com when looking on crash-stats it appears their. Unfortunately his hdd was nuked (Formatted) so unable to provide a sample. Expected results: Not sure if his crashes were associated with the addon but he has not had a single crash since the re installation of windows. I am reporting this issue on his behalf.
CC'ed Jorge.
Component: Untriaged → Blocklisting
Flags: needinfo?(jorge)
Product: Firefox → addons.mozilla.org
Summary: malicious addons → Blocklist malicious add-ons
Version: 34 Branch → unspecified
Comment 2•9 years ago
|
||
Can you explain why you think these add-ons are malicious?
Flags: needinfo?(jorge) → needinfo?(toadyshadow101)
Hi Jorge When helping me friend narrow down what was causing his crashes i asked him in Skype to provide a the text readout from about:support and the addon GUID 9tffxtbr@InternetSpeedTracker_9t.com was there and when checking out the list and checking the crash-stats i found other users with that addon, When looking further into it i found many addons with "ffxtbr@" in front of there name and similar naming convention on the end of the GUID and with almost the same version number, Also when Googling the GUIDS all in one form or another were flagged as PUPs. example: gtffxtbr@GamingWonderland.com 6.83.5.43442 4zffxtbr@VideoDownloadConverter_4z.com 6.83.5.46944 39ffxtbr@MapsGalaxy_39.com 6.84.5.57529 65ffxtbr@FromDocToPDF_65.com 6.83.5.44916 1gffxtbr@InboxAce_1g.com 6.83.5.44959 5zffxtbr@CouponXplorer_5z.com 2.73.1.40123 While he formatted his computer because of other viruses i thought i would report this just in case. For me this sent red flags. Please forgive me if these are legit addons.
Flags: needinfo?(toadyshadow101)
Comment 5•9 years ago
|
||
Kris, can you look into the stats for those IDs?
Flags: needinfo?(jorge) → needinfo?(kmaglione+bmo)
Comment 6•9 years ago
|
||
As far as I've been able to determine in the past, these add-ons are all Ask toolbar add-ons installed manually via the websites in their IDs. Their current stats, from a 5% sample (enabled, disabled, foreign installs): 4zffxtbr@VideoDownloadConverter_4z.com 26929, 14133, 11848 39ffxtbr@MapsGalaxy_39.com 21917, 6777, 5511 65ffxtbr@FromDocToPDF_65.com 15379, 4521, 3636 9tffxtbr@InternetSpeedTracker_9t.com 14452, 1423, 587 gtffxtbr@GamingWonderland.com 12703, 3136, 2000 1gffxtbr@InboxAce_1g.com 7527, 2147, 1699 5zffxtbr@CouponXplorer_5z.com 1642, 808, 578 65ffxtbr-bs@FromDocToPDF_65.com 6, 32, 17 gtffxtbr-bs@GamingWonderland.com 6, 12, 5 39ffxtbr-bs@MapsGalaxy_39.com 5, 23, 13 1gffxtbr-bs@InboxAce_1g.com 5, 13, 3 5yffxtbr@PartnerVideoDownloadConverter_5y.com 2, 8, 7 4zffxtbr-bs@VideoDownloadConverter_4z.com 2, 1813, 91 5zffxtbr-bs@CouponXplorer_5z.com 1, 2, 0 9tffxtbr-bs@InternetSpeedTracker_9t.com 0, 14, 0
Flags: needinfo?(kmaglione+bmo)
Comment 7•9 years ago
|
||
Okay, so I don't think there's anything to do here. If there's a strong correlation between any of these add-ons and crashes in Firefox, please file independent bugs for them.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Assignee | ||
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•