Closed
Bug 719605
Opened 12 years ago
Closed 12 years ago
Malicious "Peliculas-flv" add-on
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: mhammell, Assigned: jorgev)
Details
(Whiteboard: [Read comment #15 before posting!])
Attachments
(1 file)
|
904.31 KB,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7 Steps to reproduce: User encouraged to visit peliculas-flv.com User told they need to install something to see videos Actual results: Downloaded add-on from: http://cinetube.bligoo.com/media/users/4/216477/files/27183/peliculas-flv03.xpi http://cinetube.bligoo.com/media/users/4/216477/files/27183/peliculas-flv03.crx install.rdf has http://www.peliculas-flv.com as the homepage Loads content/script-compiler-overlay.xul, which loads: content/defined in content/xmlhttprequester.js content/prefman.js content/script-compiler.js content/script-compiler.js does some checks to see if it's on a preferred list of sites, including http://www.facebook.com/, if so, it injects 'content/cuevanastream.js' content/cuevanastream.js injects a <script> tag that loads http://www.peliculas-flv.com/plugins/servers/pflv.js?vs=3.0 plfv.js checks to see if the users is on facebook.com, youtube.com, or google.com, if so, it injects another <script> that loads http://www.peliculas-flv.com/plugins/servers/infolinks.js infolinks.js injects a <script> tag to load http://resources.infolinks.com/js/infolinks_main.js infolinks_main.js is packed JS, which injects another script tag to load: http://www.peliculas-flv.com/plugins/servers/prueva.js Prueva.js injects an add from http://www.pornito.net/ Uses it's own XHR (defined in content/xmlhttprequester.js), to get in the browser security context and do cross-site requests Also injects an iframe in with legit Facebook ads The attached zip contains the xpi, screenshots, and all of the remote JS files referenced above. Expected results: It should actually help play videos, not inject ads into third-party sites' DOM.
|
Assignee | |
Comment 1•12 years ago
|
||
Id: {a3a5c777-f583-4fef-9380-ab4add1bc2a8}Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
Assignee | |
Comment 2•12 years ago
|
||
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i53 Thanks!
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Comment 3•12 years ago
|
||
Excuse me, but you made a mistake, this extension shouldn't be blocked. Here is the deal: The cuevana extension is legit. Their site is cuevana.tv, and it's one of the best movie sites out there, The guys actually took the job of creating Chrome/Firefox extensions to automate the job of megaupload/rapidshare/etc download, adding subs, etc. It's widely used in many countries, and it's specially popular in Argentina, where it has MILLIONS OF USERS. Recently, it's been attacked heavily by the usual copyright trolls, saying it was illegal. In Argentina, it's not illegal to LINK to copyrighted content, and as cuevana doesn't host anything, they are in the clear, at least for now. Obviously peliculas-flv and many other sites are piggybacking on cuevana's success, but the original cuevana extension is legit, and it only adds ONE advertisement while the movie is loading (and that one is easily blocked with adblock plus). You can learn about cuevana here: http://thenextweb.com/la/2011/11/25/is-the-argentine-online-video-website-cuevana-the-new-napster/ Or just google it, the site is legit, and it's not malware. They are even trying to add LEGAL content now (i.e, content that doesn't violate anyone's copyright). Source: http://www.rapidtvnews.com/index.php/2011122318272/cuevana-premieres-first-legally-uploaded-movie.html Or just check cuevana.tv, the movie is featured on the front page. Some MAJOR media corporations have been threatening cuevana and spreading ****. Blocking their plugin is helping those guys, and can prove more effective than SOPA at doing so ;) Source: http://www.rapidtvnews.com/index.php/2011111917181/telefe-threatens-with-legal-action-against-cuevana.html http://articles.cnn.com/2011-12-13/americas/world_americas_argentina-movie-site_1_escobar-s-cnn-free-content?_s=PM:AMERICAS Please remove the cuevana's extension block. Regards, Sebastian.
|
|
||
Comment 4•12 years ago
|
||
Edit: The plugin you where trying to block was downloaded from: http://cinetube.bligoo.com/media/users/4/216477/files/27183/peliculas-flv03.xpi http://cinetube.bligoo.com/media/users/4/216477/files/27183/peliculas-flv03.crx That domain is UNRELATED to cuevana. Cuevana's XPI md5sum is: 86b122dc9bc0b8d05207061587697b6f cinetube's XPI md5sum is:38e06ef6765c63b837d01ff35c8c65c0 So, please just unblock cuevana. Thanks, Sebastian.
|
||
Comment 5•12 years ago
|
||
I agree and support everything Sebastian said. Censorship of Cuevanaa is a big mistake. And you should be careful about the erroneous sources of information. Million of regular users of Mozilla are also users of Cuevana and want to continue using it. Please remove the cuevana's extension block ASAP. Thanks, Julieta
You made a mistake, you are trying to use a plugin downloaded from other site, cuevana has nothing to do with [B] Cinetube [\B] please remove the block, otherwise you will make ppl use another programs to access it, this is my Browser, but if you start denying access to the pages that we daily use, ppl wont have other choice but to change browsers, and I really don't want that. If you guys get into Cuevana.tv you could see that they have complains about ppl that confused, used the plugin from the page you are talking (http://cinetube.bligoo.com/media/users/4/216477/files/27183/peliculas-flv03.xpi) and they have nothing to do with them. Thanks
|
||
Comment 7•12 years ago
|
||
cuevana it is the most importante movie broadcasting here en south amarica, if you dont work for SOPA, please remove the block, or everybody will be star to use Safari o Explorer, youre choice....( really, you made a big mistake.!!!.)
As the Cuevana reps have already mentioned, we were reporting the version being served from www.peliculas-flv.com / cinetube.bligoo.com, not the one associated with Cuevana. If someone from Cuevana could post a link here to their legit add-on, I think we can get to the bottom of the problem. My guess is the bad actors used the same ID, a3a5c777-f583-4fef-9380-ab4add1bc2a8, as the legit version does, causing the inadvertant block of both the spammy add-on *AND* the legit one from Cuevana.
|
||
Comment 9•12 years ago
|
||
This is a mistake.. the Malicious "Peliculas-flv" add-on is from another website.. not from cuevana.
|
||
Comment 10•12 years ago
|
||
Removed the block until this can be investigated.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 11•12 years ago
|
||
Please file these bugs in Blocklisting component in the future.
Component: Add-on Security → Blocklisting
|
||
Comment 12•12 years ago
|
||
Im still getting the block... how i solve this or when the changes are going to be applied? This is the link to the plugin http://www.cuevana.tv/player/plugins/cstream-3.1.5.xpi
|
|
||
Comment 13•12 years ago
|
||
Please Jorge Villalobos [:jorgev] delete above comment, after reading (didnt know, and didnt want my email showing here)
|
||
Comment 14•12 years ago
|
||
I fully support what people are stating here. Cuevana.tv is not a malicious site, nor his plugins. please remove the block!!
|
|
Assignee | |
Comment 15•12 years ago
|
||
I have reinstated the block to match the version number of the malicious XPI, which is 2.0.3. The current Cuevana XPI has version 3.1.5, so current versions should be unaffected by this new block. Both Cuevana and Peliculas-FLV use the same id, which is the reason Cuevana was accidentally blocked. We only intended to block Peliculas-FLV, which behaves maliciously. The Cuevana add-on should be eventually unblocked for everyone, but if you want to reinstate it as soon as possible, just locate your profile folder, delete file blocklist.xml, and then restart Firefox.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
Whiteboard: [Read comment #15 before posting!]
|
||
Comment 16•12 years ago
|
||
Que clase de broma ridicula es esta? ustedes no pueden bloquear una extensión como esta, en todo caso somos los usuario de Firefox lo que deberiamos tener derecho de instalarlo o no, acaso se les olvido cual supuestamente es el horizonte de este navegador? Les pregutno seriamente, piensan coartar las libertades en la internet al igual otros grandes de la red? No nos decepcionen que pudiera costarles caro, es hora de la verdad. TRADUCCIÓN (CON GOOGLE OBVIO) / TRANSLATION (WITH GOOGLE OBVIOUS): What kind of ridiculous joke is this? you can not lock an extension like this, in any case we are what Firefox user should have the right to install it or not, maybe they forgot which supposedly is the horizon of this browser? I ask seriously, think restricting freedoms in the internet like the other major network? It could cost us dearly disappointed that it's time for truth.
|
Reporter | |
Comment 17•12 years ago
|
||
Jorge, Thanks for getting to the bottom of this. Any way we can prevent the inadvertent block of legit add-ons, when the malicious one has pirated their ID?
|
|
Assignee | |
Comment 18•12 years ago
|
||
(In reply to José Augusto Linárez Ferrer from comment #16) > Que clase de broma ridicula es esta? ustedes no pueden bloquear una > extensión como esta... Favor leer el comentario #15, usando Google si es necesario. (In reply to Mark Hammell from comment #17) > Jorge, > > Thanks for getting to the bottom of this. Any way we can prevent the > inadvertent block of legit add-ons, when the malicious one has pirated their > ID? I just need to be more careful researching the IDs associated to the add-ons we block, to check if we need to narrow down the block parameters. This can be very difficult for add-ons not hosted on AMO, though, and problems like these are bound to arise on occasion.
|
||
Comment 19•12 years ago
|
||
REMOVE DE BLOCK! NO MORE FIREFOX CENSORED! Chrominium ruls **** YOU FIREFOX
|
|
Reporter | |
Comment 20•12 years ago
|
||
Jorge - Yep, seems like an inadvertent mistake to me. One that Justin and I postulated on when these things first started ramping up. I'd have thought a check of AMO is safe to prevent most of these. Unfortunately, I can't find the legit Cuevana add-on in in AMO :(
|
|
Assignee | |
Comment 21•12 years ago
|
||
***** POR FAVOR LEAN ESTE COMENTARIO ANTES DE ESCRIBIR ***** Este bug se creó para bloquear un complemento llamado Peliculas-FLV, que tiene código malicioso y que puede causar problemas para sus usuarios. Lamentablemente, Peliculas-FLV utiliza el mismo ID que Cuevana (el cual NO queremos bloquear), y por eso los usuarios de Cuevana se vieron afectados por el bloqueo. Una vez que descubrimos nuestro error, el bloqueo se revertió, y actualmente solo aplica a la version 2.0.3, que corresponde a Peliculas-FLV. La version actual de Cuevana es 3.1.5, así que actualmente no está afectada por el bloqueo. Si su Firefox actualizó la lista de bloqueo durante el tiempo que estaban bloqueadas todas las versiones, es posible que todavía tengan Cuevana bloqueado. El problema se va a arreglar una vez que Firefox actualice la lista de nuevo, que debería suceder en menos de 24 horas. Si desean actualizar la lista cuanto antes, sigan las siguientes instrucciones: 1) Cerrar Firefox 2) Ubicar su perfil: http://support.mozilla.org/es/kb/Perfiles 3) Remover el archivo blocklist.xml Eso debería forzar al Firefox a actualizar la lista de bloqueo en el siguiente inicio. ***** POR FAVOR LEAN ESTE COMENTARIO ANTES DE ESCRIBIR *****
|
||
Comment 22•12 years ago
|
||
Muchas gracias al equipo de Mozilla Firefox por escuchar nuestras quejas y trabajar en consonancia con lo que siempre ha sido la mistica de este excelente Browser. Two Thumbs Up
|
|
||
Comment 23•12 years ago
|
||
Hey Jorge agradecido por la rápida solución al inconveniente, tendrás que comprender que los ánimos están sensibles y caldeados luego del cierre a megaupload, desecho esa idea terrible que me paso por la mente de dejar de usar el mejor navegador...: Firefox. Sigan así. (In reply to Jorge Villalobos [:jorgev] from comment #21) > ***** POR FAVOR LEAN ESTE COMENTARIO ANTES DE ESCRIBIR ***** > > Este bug se creó para bloquear un complemento llamado Peliculas-FLV, que > tiene código malicioso y que puede causar problemas para sus usuarios. > > Lamentablemente, Peliculas-FLV utiliza el mismo ID que Cuevana (el cual NO > queremos bloquear), y por eso los usuarios de Cuevana se vieron afectados > por el bloqueo. Una vez que descubrimos nuestro error, el bloqueo se > revertió, y actualmente solo aplica a la version 2.0.3, que corresponde a > Peliculas-FLV. La version actual de Cuevana es 3.1.5, así que actualmente no > está afectada por el bloqueo. > > Si su Firefox actualizó la lista de bloqueo durante el tiempo que estaban > bloqueadas todas las versiones, es posible que todavía tengan Cuevana > bloqueado. El problema se va a arreglar una vez que Firefox actualice la > lista de nuevo, que debería suceder en menos de 24 horas. Si desean > actualizar la lista cuanto antes, sigan las siguientes instrucciones: > > 1) Cerrar Firefox > 2) Ubicar su perfil: http://support.mozilla.org/es/kb/Perfiles > 3) Remover el archivo blocklist.xml > > Eso debería forzar al Firefox a actualizar la lista de bloqueo en el > siguiente inicio. > > ***** POR FAVOR LEAN ESTE COMENTARIO ANTES DE ESCRIBIR *****
|
||
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•