Closed Bug 759950 Opened 12 years ago Closed 12 years ago

Blocklist malicious "abusable.net" add-on

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: jorgev, Assigned: jorgev)

Details

What I did?
Downloaded add-on from http://abusable.net/x/video.php?56473456456

What happened?
DL URLs: 
FF - http://abusable.net/x/video.php?id=1

Analysis:

Loads JS from the add-on
Calls out to the following URLs (both return the same data)
http://juyh12.me/j.php
http://kmjh78.asia/j.php

juyh12.me/j.php and kmjh78.asia/j.php:
injects http://juyh12.me/js_f.php?v=tg0002
a library of functions to:
grab a user's Facebook or Tagged session details
solve captchas via http://mp56a.com/fn/cs/api/s_c.php?u
send log data to http://juyh12.me/ss.php?r
post to Facebook and Tagged

js_f.php:
same code as j.php


What should have happened?


It shouldn't steal your Facebook session information and post as a user
without their consent.
Id: pfzPXmnzQRXX6@2iABkVe.com
Status: NEW → ASSIGNED
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i99
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.