Closed Bug 755635 Opened 12 years ago Closed 12 years ago

Malicious "Zaman Tuneli Kadir!" add-on

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set
normal

RESOLVED FIXED

People

(Reporter: mhammell, Assigned: jorgev)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5

Steps to reproduce:

Downloaded add-on from http://zamantunelinikaldir.com/


Actual results:

Add-on injects http(s)://www.zamantunelinikaldir.com/timelineremove.js which, provided your referrer is set to Facebook, injects an iframe loading  http://www.zamantunelinikaldir/.com/onFrame.html

After the iframe loads, the user's Facebook session tokens are stolen and posted to the page loaded in the iframe.  Those stolen tokens are then used to spam Facebook.


Expected results:

It should not steal your session tokens and post them to a 3rd party server.
Id: {68b8676b-99a5-46d1-b390-22411d8bcd61}
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i93
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → Toolkit
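
A defender-side check for the request chain the reporter describes, as an added example that is not part of the bug report or of Mozilla's tooling: it scans web-proxy logs for clients that fetched timelineremove.js from the reported domain with a Facebook referrer and then loaded onFrame.html. The combined log format with absolute URLs (a proxy that sees full URLs), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

BAD_DOMAIN = "zamantunelinikaldir.com"  # domain named in the report
# Assumed layout: "combined" access-log lines from a forward proxy, absolute URLs.
LINE_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines (addresses, timestamps and sizes are made up).
SAMPLE = [
    '10.0.0.5 - - [01/Jan/2012:10:00:01 +0000] "GET http://www.zamantunelinikaldir.com/timelineremove.js HTTP/1.1" 200 512 "https://www.facebook.com/" "UA"',
    '10.0.0.5 - - [01/Jan/2012:10:00:02 +0000] "GET http://www.zamantunelinikaldir.com/onFrame.html HTTP/1.1" 200 300 "https://www.facebook.com/" "UA"',
    '10.0.0.9 - - [01/Jan/2012:10:05:00 +0000] "GET http://zamantunelinikaldir.com/ HTTP/1.1" 200 900 "-" "UA"',
    '10.0.0.7 - - [01/Jan/2012:10:06:00 +0000] "GET http://example.org/timelineremove.js HTTP/1.1" 200 10 "https://www.facebook.com/" "UA"',
]

def host_in(url, domain):
    """True if the URL's host is the domain or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def stage(line):
    """Return (client, stage) for requests to the reported domain, else None."""
    m = LINE_RE.match(line)
    if not m or not host_in(m["url"], BAD_DOMAIN):
        return None
    path = urlsplit(m["url"]).path.lower()
    # The script only acts when the referrer is Facebook, so require that here.
    if path.endswith("/timelineremove.js") and host_in(m["referer"], "facebook.com"):
        return m["client"], "script-on-facebook"
    if path.endswith("/onframe.html"):
        return m["client"], "iframe"
    return m["client"], "other"

def triage(lines):
    """Map client -> 'chain' (script on Facebook plus iframe seen) or 'contact'."""
    seen = {}
    for line in lines:
        hit = stage(line)
        if hit:
            seen.setdefault(hit[0], set()).add(hit[1])
    chain = {"script-on-facebook", "iframe"}
    return {c: "chain" if chain <= s else "contact" for c, s in seen.items()}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Clients reported as `chain` are the ones whose Facebook sessions should be treated as exposed; `contact` only shows that the domain was visited.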