Closed Bug 578085 Opened 14 years ago Closed 14 years ago

Blocklist all versions of Mozilla Sniffer

Categories

(Toolkit :: Blocklist Policy Requests, defect, P1)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
5.11.4

People

(Reporter: jorgev, Assigned: morgamic)

References

(
URL
)

Details

(Whiteboard: [qa-]) 

The Mozilla Sniffer add-on (176005) has been found to be insecure to use and must be blocklisted at once. It is currently disabled on AMO and has about 266 active daily users.
GUID is {E8E88AB0-7182-11DF-904E-6045E0D72085}
Assignee: nobody → morgamic
Status: NEW → ASSIGNED
Admin panel was generating errors so I filed bug 578125.

Query is INSERT INTO `remora`.`blitems` ( `guid` ) VALUES ( '{E8E88AB0-7182-11DF-904E-6045E0D72085}' );

I'll put it on the blocklist page later.  Is there a bug we can reference that describes the issues you are talking about?  Usually I link to that originating bug.
I forwarded you the email, there wasn't a bug.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
I'm going to opt to not publish this on mozilla.com.  It has a small following and isn't announcement worthy.  Mostly, blocking "Mozilla Sniffer" isn't newsworthy since it's just sounds bad to begin with.
(In reply to comment #4)
> I'm going to opt to not publish this on mozilla.com.  It has a small following
> and isn't announcement worthy.  Mostly, blocking "Mozilla Sniffer" isn't
> newsworthy since it's just sounds bad to begin with.

I think we should inform users who were using this add-on. Users data was exposed and they need to make changes to keep themselves safe.

As far as I know the only way to do this is via the blocklist page on mozilla.com. If we aren't using that are there other ways to communicate with them?
(In reply to comment #5)
> I think we should inform users who were using this add-on. Users data was
> exposed and they need to make changes to keep themselves safe.
> 
> As far as I know the only way to do this is via the blocklist page on
> mozilla.com. If we aren't using that are there other ways to communicate with
> them?

We're going to be blogging about it. A draft of the blog post is being passed around now among the various involved parties.
Up to you guys -- it looks weird in the current list...

I'd like to have the blocklist page point to the blog post since this bug isn't really informative as far as they why.

Not having additional information to point to (originating bug with reasoning) was the main reason why I didn't post it on mozilla.com.  I think that'd be pretty weak.

So maybe once the blog post exists so people can understand more we can post it -- sounds fine w/ me.
Err... "as far as the why"
(In reply to comment #6)
> We're going to be blogging about it. A draft of the blog post is being passed
> around now among the various involved parties.

Cool, thanks for the update.
Here's the post for both CoolPreviews and Mozilla Sniffer: http://blog.mozilla.com/addons/2010/07/13/add-on-security-announcement/
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.