Closed
Bug 780918
Opened 12 years ago
Closed 11 years ago
Malicious "emotimania" add-on
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
VERIFIED
FIXED
2013-06-20
People
(Reporter: mhammell, Assigned: jorgev)
Details
Attachments
(1 file)
31.08 KB,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.57 Safari/537.1 Steps to reproduce: Downloaded add-on from www.emotimania/plugin/memes/plugin_meme2.xpi Actual results: Loads memeplugin.js from the addon container memeplugin.js: defines a bunch of JS to do DOM/CSS manipulation injects http://www.emotimania.com/memes/plugin/memeplugin.js memeplugin.js (remote copy): packed JS inserts a whos.amung.us tag inserts a Google Analytics tag (acct: UA-17000707-8) injects http://www.emotimania.com/plugin/4dTgkd.js http://www.emotimania.com/plugin/h4dfaK.js 4dTgkd.js: Swaps out ads that are hosted via iframe with ads hosted on http://www.mimejoorfrase.com/ad.php h4dfaK.js: Injects an ad iframe pointing to http://ad.foxnetworks.com/st?ad_type=iframe&ad_size=728x90§ion=3129889&pub_url=mimejoorfrase.com It looks for a specific set of sites to inject on (incl. Facebook), most in the list are Spanish language sites. Expected results: It should not inject ads or replace ads on the sites a user visits, without their knowledge.
Assignee | ||
Comment 1•11 years ago
|
||
The id had already been blocked (https://addons.mozilla.org/en-US/firefox/blocked/i115), but the wrong block level was set, so that's probably the reason it wasn't working correctly. Fixed now.
Assignee: nobody → jorge
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•11 years ago
|
Target Milestone: --- → 2013-06-20
Comment 2•11 years ago
|
||
Verified as fixed in https://addons.mozilla.org/ on FF21 (Win 7). The add-on has been blocked. Closing bug.
Status: RESOLVED → VERIFIED
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•