Look into blocklisting fr@fbt.ovh.xpi

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
--
major
RESOLVED FIXED
9 months ago
9 months ago

People

(Reporter: philipp, Assigned: jorgev)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

9 months ago
hi, we received a user report at https://support.mozilla.org/t5/Firefox/Possible-extension-virus-discovered/m-p/1383538#U1383538 linking some malicious behaviour to an extension with the ID "fr@fbt.ovh".

i couldn't verify this on my own, but according to https://forums.malwarebytes.com/topic/198334-help-frsttxt-and-additiontxt/ this the extension's name for this ID is "Adobe Flash Player" which sounds suspicious in itself.

Comment 1

9 months ago
Flagging this to Jorge and Andreas.
Flags: needinfo?(jorge)
Flags: needinfo?(awagner)
Comment hidden (obsolete)
Yes, this should be blocked for stealing user credentials from high profile websites like facebook, apple, spotify, deezer, pandora....
Assignee: nobody → jorge
Flags: needinfo?(jorge)
Flags: needinfo?(awagner)
(Assignee)

Comment 4

9 months ago
Andreas, please stage the blocklist entry and I will review it.
Flags: needinfo?(awagner)
Done. This is my first blocklist request in kinto, please review carefully.
Flags: needinfo?(awagner)
Group: toolkit-core-security
(Assignee)

Comment 6

9 months ago
The block is now live.
Status: NEW → RESOLVED
Last Resolved: 9 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.