Closed Bug 1491717 Opened 6 years ago Closed 6 years ago

Extension block request: Safe@vietbacsecurity.com

Categories

(Toolkit :: Blocklist Policy Requests, enhancement)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mxn, Unassigned)

Details

Extension name: SafeKids
Extension UUID: Safe@vietbacsecurity.com
Extension versions to block: 2.1
Applications, versions, and platforms affected: All
Block severity: hard

Homepage, AMO listing, other references and contact info:

https://addons.mozilla.org/en-US/firefox/addon/safekids/
https://www.vietbacsecurity.com/ (author website)
https://blog.mybloggertricks.org/api.php (keystrokes and history went here)

Reasons:

This particular version turned the extension into a keylogger that sends all keystrokes and browsing history to a server without permission and for no apparent reason (very similar to bug 1491716). This behavior contradicts the bilingual privacy policy that appears to have been written to deceive AMO reviewers. I've reported this extension for abuse but it has yet to be taken down.
http://notes.1ec5.org/archives/2018/09/16/webextensions.html details this extension's privacy-violating functionality.
The block has been staged. Stuart, please review and push.
Flags: needinfo?(scolville)
Approved and pushed
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(scolville)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.