Versions of this add-on from 0.5.0.1 through 0.6.10 contain code which updates arbitrary files within the add-on after it has been installed. Moreover, the list of files to update and the sources from which to fetch the updates are retrieved over HTTP URLs. Since this is a serious security issue, and a violation of multiple AMO policies, affected versions should be blocklisted. ID: firstname.lastname@example.org
There's a new version that has now been approved. I'll block the bad versions in 2 weeks, to ensure most users will have updated to the safe version.
Assignee: nobody → jorge
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2015-08