Closed
Bug 759950
Opened 12 years ago
Closed 12 years ago
Blocklist malicious "abusable.net" add-on
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: jorgev, Assigned: jorgev)
Details
What I did? Downloaded add-on from http://abusable.net/x/video.php?56473456456 What happened? DL URLs: FF - http://abusable.net/x/video.php?id=1 Analysis: Loads JS from the add-on Calls out to the following URLs (both return the same data) http://juyh12.me/j.php http://kmjh78.asia/j.php juyh12.me/j.php and kmjh78.asia/j.php: injects http://juyh12.me/js_f.php?v=tg0002 a library of functions to: grab a user's Facebook or Tagged session details solve captchas via http://mp56a.com/fn/cs/api/s_c.php?u send log data to http://juyh12.me/ss.php?r post to Facebook and Tagged js_f.php: same code as j.php What should have happened? It shouldn't steal your Facebook session information and post as a user without their consent.
Assignee | ||
Comment 2•12 years ago
|
||
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i99
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•