Closed
Bug 1294418
Opened 8 years ago
Closed 8 years ago
[Ubuntu] Youtube Unblocker is not automatically uninstalled
Categories
(Toolkit :: Add-ons Manager, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: vtamas, Unassigned)
References
Details
(Keywords: sec-low)
Attachments
(1 file)
271.39 KB,
application/x-zip-compressed
|
Details |
[Affected versions]: Firefox 44.0.1 (20160205155049) [Affected platforms]: Ubuntu 14.04 32-bit (VM) [Steps to reproduce]: 1.Launch Firefox with clean profile. 2.Navigate to about:config and set the following prefs to false: xpinstall.signatures.required and extensions.blocklist.enabled. 3.Install the malware Youtube Unblocker add-on and watcher.xpi one by one. 4.Wait a bit for the add-on to manifest itself. (around 5 minutes) 5.Restart the browser. 6.Install the Remediation add-on. [Expected results]: The malicious add-on is uninstalled due to security or stability issues. (Preferences set at step 1 are set back to true.) [Actual results]: - Youtube Unblocker add-on is not automatically uninstalled: http://screencast.com/t/IaU8BNqceC3 - Secmodd.db file is NOT deleted - Preferences set at step 1 are set back to true - After a browser restart, secmodd.db file is removed and the malware add-on is disabled but the "Enable" button is still displayed: http://screencast.com/t/Ms6znmDn [Additional notes]: - Youtube Unblocker add-on is *instantly* uninstalled whether step 4 is skipped which means the browser is automatically restarted after installing the malware add-on and the watcher.xpi: http://screencast.com/t/X4ns9qlJ
Comment 1•8 years ago
|
||
I think this is happening because the malware add-on gets updated shortly after it's installed, so we wind up with two copies running, only one of which we can actually poison. It's probably not likely to be an issue in practice, but I'm surprised by two things: 1) That the remediation add-on is still enabled after the restart (since it's unsigned, and signature requirements should have been re-enabled), and 2) That the Unblocker add-on is not blocked after a restart. If you still have this profile around, can you attach the values of the following preferences: extensions.malware-remediation.first-results extensions.malware-remediation.last-results xpinstall.signatures.required extensions.blocklist.enabled extensions.blocklist.url
Reporter | ||
Comment 2•8 years ago
|
||
(In reply to Kris Maglione [:kmag] from comment #1) > 1) That the remediation add-on is still enabled after the restart (since > it's unsigned, and signature requirements should have been re-enabled), and For this scenario it is used a signed remediation add-on because otherwise the system add-on disables itself before the youtube unblocker to be removed. The only unsigned add-on is watcher.xpi and we use it so in order to verify if the system add-on resets the signature pref back to normal. I’ve attached all the add-ons used for testing in Description. > 2) That the Unblocker add-on is not blocked after a restart. > > If you still have this profile around, can you attach the values of the > following preferences: > > extensions.malware-remediation.first-results > extensions.malware-remediation.last-results > xpinstall.signatures.required > extensions.blocklist.enabled > extensions.blocklist.url - xtensions.malware-remediation.first-results = {"blocklistDisabled":false,"mainAddonActive":true,"mainAddonBlocked":0,"foundUserJS":false,"secmoddAddon":"{0490250d-9e0f-42b9-9405-4a6a128f3e49}","hiddenAddons":[],"updateURLs":{}} - extensions.malware-remediation.last-results = {"blocklistDisabled":false,"mainAddonActive":true,"mainAddonBlocked":0,"foundUserJS":false,"secmoddAddon":"{0490250d-9e0f-42b9-9405-4a6a128f3e49}","hiddenAddons":[],"updateURLs":{}} - xpinstall.signatures.required = true - extensions.blocklist.enabled = true - extensions.blocklist.url = https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/ - To be noticed that the malware add-on is successfully blocked if step 4 is skipped. Preferences values for this case after restart: - extensions.malware-remediation.first-results = {"blocklistDisabled":true,"mainAddonActive":true,"mainAddonBlocked":2,"foundUserJS":false,"secmoddAddon":"{0490250d-9e0f-42b9-9405-4a6a128f3e49}","hiddenAddons":["{0490250d-9e0f-42b9-9405-4a6a128f3e49}"],"updateURLs":{"{0490250d-9e0f-42b9-9405-4a6a128f3e49}":"https://dummf1up57pez.cloudfront.net/watcher/update.rdf"}} - extensions.malware-remediation.last-results = {"blocklistDisabled":false,"mainAddonActive":false,"mainAddonBlocked":2,"foundUserJS":false,"secmoddAddon":"{0490250d-9e0f-42b9-9405-4a6a128f3e49}","hiddenAddons":[],"updateURLs":{}} - xpinstall.signatures.required = true - extensions.blocklist.enabled = true - extensions.blocklist.url = https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Group: toolkit-core-security → core-security-release
Reporter | ||
Comment 3•8 years ago
|
||
This issue is no longer reproducible on Firefox 44, Firefox 45.0 and Firefox 45.0.2 under Windows 7 64-bit and Ubuntu 14.04 32-bit while testing using the system add-on installed automatically via Timer Fire.
Status: RESOLVED → VERIFIED
Updated•4 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•