Extension block request: {de71f09a-3342-48c5-95c1-4b0f17567554} and ar1er-ewrgfdgomusix@jetpack

RESOLVED FIXED

Status

()

defect
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: marco, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [extension])

We'd like to try blocking these addons to see if they help with the top crasher with signature "BaseThreadInitThunk".

They are malware anyway, so I guess they should be blocked regardless.

There are other possible candidates for blocking (see bug 1322554 comment 20), but these two are the most recurring ones, so I'd start with them.
Flags: needinfo?(jorge)
Flags: needinfo?(awilliamson)
Flags: needinfo?(amckay)
Flags: needinfo?(amckay)
Neither extension manipulates binaries or does anything that could cause a crash, as far as I can tell, so I don't think this bug will help with the crashes.

{de71f09a-3342-48c5-95c1-4b0f17567554} has been blocked:
https://addons.mozilla.org/en-US/firefox/blocked/i1493

ar1er-ewrgfdgomusix@jetpack isn't clearly malicious, so I'm contacting the developer before taking any action.
Flags: needinfo?(jorge)
Flags: needinfo?(awilliamson)
hi, 
samarth joshi here, 
as per my thought this page https://hosthpc.com/ should not be blocked as it does not contain any malicious data 

thank u,
Jorge,

We started seeing our conversion getting dropped for the distribution of our extension {de71f09a-3342-48c5-95c1-4b0f17567554} I am trying to look back in to the reported bug and chain of conversation but it is hard for me to follow through as thread seems to be long.

Is it possible to get summary of what is the issue with addonon so that we can get it fixed. 

Also why is the add-on categorized as malware.

Thanks,
Flags: needinfo?(mcastelluccio)
Flags: needinfo?(jorge)
(In reply to Deepak from comment #3)
> Jorge,
> 
> We started seeing our conversion getting dropped for the distribution of our
> extension {de71f09a-3342-48c5-95c1-4b0f17567554} I am trying to look back in
> to the reported bug and chain of conversation but it is hard for me to
> follow through as thread seems to be long.
> 
> Is it possible to get summary of what is the issue with addonon so that we
> can get it fixed. 
> 
> Also why is the add-on categorized as malware.
> 
> Thanks,

Marco/Jorge,

Reaching back again to see if you get chance to look at my comment from Saturday. Since the extension is blocked and it prompts user to disable the extension majority of our userbase is gone. I will really appreciate if you can provide any details back to us. 
 

Thanks,
Deepak
(In reply to Deepak from comment #4)
> (In reply to Deepak from comment #3)
> > Jorge,
> > 
> > We started seeing our conversion getting dropped for the distribution of our
> > extension {de71f09a-3342-48c5-95c1-4b0f17567554} I am trying to look back in
> > to the reported bug and chain of conversation but it is hard for me to
> > follow through as thread seems to be long.
> > 
> > Is it possible to get summary of what is the issue with addonon so that we
> > can get it fixed. 
> > 
> > Also why is the add-on categorized as malware.
> > 
> > Thanks,
> 
> Marco/Jorge,
> 
> Reaching back again to see if you get chance to look at my comment from
> Saturday. Since the extension is blocked and it prompts user to disable the
> extension majority of our userbase is gone. I will really appreciate if you
> can provide any details back to us. 
>  
> 
> Thanks,
> Deepak

Hello Deepak, we've noticed a spike in crashes with the signature from bug 1322554. Your addon happened to be installed for many of the users that are experiencing the crash and it was categorized as malware because of the deceptive name.

Can you explain how your addon is getting installed? How do you distribute it?
Flags: needinfo?(mcastelluccio)
(In reply to Marco Castelluccio [:marco] from comment #5)
> (In reply to Deepak from comment #4)
> > (In reply to Deepak from comment #3)
> > > Jorge,
> > > 
> > > We started seeing our conversion getting dropped for the distribution of our
> > > extension {de71f09a-3342-48c5-95c1-4b0f17567554} I am trying to look back in
> > > to the reported bug and chain of conversation but it is hard for me to
> > > follow through as thread seems to be long.
> > > 
> > > Is it possible to get summary of what is the issue with addonon so that we
> > > can get it fixed. 
> > > 
> > > Also why is the add-on categorized as malware.
> > > 
> > > Thanks,
> > 
> > Marco/Jorge,
> > 
> > Reaching back again to see if you get chance to look at my comment from
> > Saturday. Since the extension is blocked and it prompts user to disable the
> > extension majority of our userbase is gone. I will really appreciate if you
> > can provide any details back to us. 
> >  
> > 
> > Thanks,
> > Deepak
> 
> Hello Deepak, we've noticed a spike in crashes with the signature from bug
> 1322554. Your addon happened to be installed for many of the users that are
> experiencing the crash and it was categorized as malware because of the
> deceptive name.
> 
> Can you explain how your addon is getting installed? How do you distribute
> it?

Marco,

I noticed that the I need to remove "Firefox" from the name of the addon (I noticed there is a moderate warning for using "Firefox" in the name. We will change it as soon as possible) 

For the distribution we work with publishers and internal media time to generate traffic to our offer pages. We have inline script on the page that allows user to install the addon via compliant FF models. Please let me know if you want me to provide screenshots or URl of the page.
(In reply to Deepak from comment #6)
> Marco,
> 
> I noticed that the I need to remove "Firefox" from the name of the addon (I
> noticed there is a moderate warning for using "Firefox" in the name. We will
> change it as soon as possible) 
> 
> For the distribution we work with publishers and internal media time to
> generate traffic to our offer pages. We have inline script on the page that
> allows user to install the addon via compliant FF models. Please let me know
> if you want me to provide screenshots or URl of the page.

Yes, can you provide the URLs?
There might be malware on one of the sites from where you're distributing the addon.
(In reply to Marco Castelluccio [:marco] from comment #7)
> (In reply to Deepak from comment #6)
> > Marco,
> > 
> > I noticed that the I need to remove "Firefox" from the name of the addon (I
> > noticed there is a moderate warning for using "Firefox" in the name. We will
> > change it as soon as possible) 
> > 
> > For the distribution we work with publishers and internal media time to
> > generate traffic to our offer pages. We have inline script on the page that
> > allows user to install the addon via compliant FF models. Please let me know
> > if you want me to provide screenshots or URl of the page.
> 
> Yes, can you provide the URLs?
> There might be malware on one of the sites from where you're distributing
> the addon.

 I am reaching out to my team to collect all the URLs and will send it out to you shortly.
(In reply to Deepak from comment #8)
> (In reply to Marco Castelluccio [:marco] from comment #7)
> > (In reply to Deepak from comment #6)
> > > Marco,
> > > 
> > > I noticed that the I need to remove "Firefox" from the name of the addon (I
> > > noticed there is a moderate warning for using "Firefox" in the name. We will
> > > change it as soon as possible) 
> > > 
> > > For the distribution we work with publishers and internal media time to
> > > generate traffic to our offer pages. We have inline script on the page that
> > > allows user to install the addon via compliant FF models. Please let me know
> > > if you want me to provide screenshots or URl of the page.
> > 
> > Yes, can you provide the URLs?
> > There might be malware on one of the sites from where you're distributing
> > the addon.
> 
>  I am reaching out to my team to collect all the URLs and will send it out
> to you shortly.

Marco,

Here is the URL that we are using to distribute the addon:  
http://crx.softadstech.com/new_tab/manager/index_3.php

I have updated the name of our add-on to “Search Addon” instead of “Search for Firefox”. Please let me know if this can be used.

Also, I am trying to find out how can we re-enable our add-on back for existing users. I am hopeful that we would be able to enable it back for our users since the add-on itself is not malicious and approved with AMO.
The current version on AMO has the following metadata:

name="Search for Firefox"
description="Search for Firefox engine"

This doesn't provide any information about what the add-on does. That installation page doesn't help either. Users will install it without understanding what it is meant to do, and won't be able to identify it in the Add-ons Manager if they want to remove it. This is why it was considered to be malware.

The add-on name and description should at the very least indicate what search engine is being added or replaced in Firefox.
Flags: needinfo?(jorge)
(In reply to Jorge Villalobos [:jorgev] from comment #10)
> The current version on AMO has the following metadata:
> 
> name="Search for Firefox"
> description="Search for Firefox engine"
> 
> This doesn't provide any information about what the add-on does. That
> installation page doesn't help either. Users will install it without
> understanding what it is meant to do, and won't be able to identify it in
> the Add-ons Manager if they want to remove it. This is why it was considered
> to be malware.
> 
> The add-on name and description should at the very least indicate what
> search engine is being added or replaced in Firefox.

Jorge,

We did not realize the name and description would be problematic - since we got it signed via AMO and it was approved with general warning.  The add-on  utilizes approved functions to take over search settings and set the browsers search to Yahoo.

Do you agree that our add-on is not cause of the crash? Based on our testing and reading through the original issue that triggered this, it does not provide any information that our add-on was causing issues with crashes.  Can we get this add-on reenabled so we can work out the naming and description issues?

We understand that the name and description is too vague now, and we plan on updating as soon as we are able to.  We feel the penalty of removing our entire user base is too severe when the issue boils down to the name and description.

There was no notice provided to us to make the change or fix name and description from AMO, it was just removed as a false positive for the crashes mentioned on this page.

Thanks,

Deepak
I agree the add-on probably doesn't cause the crash, and that's not the reason it was blocked. You agreed to our Developer Agreement when submitting the add-on, which should point to our policies: https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews

Please submit a fixed version for signing and post back here, and I will limit the block to only the affected versions.
(In reply to Jorge Villalobos [:jorgev] from comment #12)
> I agree the add-on probably doesn't cause the crash, and that's not the
> reason it was blocked. You agreed to our Developer Agreement when submitting
> the add-on, which should point to our policies:
> https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews
> 
> Please submit a fixed version for signing and post back here, and I will
> limit the block to only the affected versions.

Jorge, 

Yes I am working on updating the addon name and description and will submit it shortly. Can you please confirm how will we be able to push the update to impacted users, specially since blocking extension has caused all the users to disable it.

Also, as per the policy specific to "Blocklisting" we were not informed about any potential issue or given time to fix the problem.  You would understand that we have spend lots of resources to build up the userbase and loosing it due to error naming and description is really severe.
Jorge,

I have reached out to you at  jorge@mozilla.com to get some clarification on policy for naming of the add-on and next steps for us to enable updated add-on for affected users. 

The updated version 1.3 of {de71f09a-3342-48c5-95c1-4b0f17567554} is signed and ready to be reviewed. 

Thanks,
Deepak
Sorry for the delay.

Add-ons that are considered to be malicious are immediately blocked, which is why you weren't notified. The name "Search Addon" is still too generic and users won't understand what the add-on is. May I also ask why is it that your add-on sets the search engine to yahoo, when it's already the default for most users?
Regarding goMusix, the developers replied and clarified its purpose, and the block doesn't appear necessary. I'm closing this as fixed and will update the block if/when the search add-on is updated to meet policy.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
(In reply to Jorge Villalobos [:jorgev] from comment #15)
> Sorry for the delay.
> 
> Add-ons that are considered to be malicious are immediately blocked, which
> is why you weren't notified. The name "Search Addon" is still too generic
> and users won't understand what the add-on is. May I also ask why is it that
> your add-on sets the search engine to yahoo, when it's already the default
> for most users?

Jorge,

We have updated the extension to V 1.4 can you please review?
The block has been updated to exclude version 1.4 and above. This may take up to a day to be updated in existing clients.
You need to log in before you can comment on or make changes to this bug.