Closed
Bug 1483995
Opened 5 years ago
Closed 5 years ago
Block add-ons associated with Web Security
Categories
(Toolkit :: Blocklist Policy Requests, enhancement)
RESOLVED
FIXED
People
(Reporter: jorgev, Assigned: jorgev)
Details
A number of reports have come up that the Web Security add-on (https://addons.mozilla.org/addon/web-security/) is sending visited URLs to a remote server. While this may seem reasonable for an add-on that checks visited webpages for their security, other issues have been brought up:

1) The add-on sends more data than what seems necessary to operate.
2) Some of the data is sent unsafely.
3) The add-on doesn't clearly disclose this practice, beyond a mention in a large Privacy Policy.
4) The code has the potential of executing remote code, which is partially obfuscated in its implementation.
5) Multiple add-ons with very different features, and different authors, have the same code. Further inspection reveals they may all be the same person/group.

For this, we're taking action on all of the following extensions:

+--------+-----------------------------------------------+
| id     | guid                                          |
+--------+-----------------------------------------------+
| 606008 | firefox@browser-security.de                   |
| 754752 | firefox@smarttube.io                          |
| 792317 | {0fde9597-0508-47ff-ad8a-793fa059c4e7}        |
| 803454 | info@browser-privacy.com                      |
| 838232 | {d3b98a68-fd64-4763-8b66-e15e47ef000a}        |
| 851519 | {36ea170d-2586-45fb-9f48-5f6b6fd59da7}        |
| 855429 | youtubemp3converter@yttools.io                |
| 857342 | simplysearch@dirtylittlehelpers.com           |
| 857365 | extreme@smarttube.io                          |
| 866911 | selfdestructingcookies@dirtylittlehelpers.com |
| 868657 | {27a1b6d8-c6c9-4ddd-bf20-3afa0ccf5040}        |
| 870028 | {2e9cae8b-ee3f-4762-a39e-b53d31dffd37}        |
| 875642 | adblock@smarttube.io                          |
| 893908 | {a659bdfa-dbbe-4e58-baf8-70a6975e47d0}        |
| 893912 | {f9455ec1-203a-4fe8-95b6-f6c54a9e56af}        |
| 903467 | {8c85526d-1be9-4b96-9462-aa48a811f4cf}        |
| 903479 | mail@quick-buttons.de                         |
| 915719 | youtubeadblocker@yttools.io                   |
| 915741 | extension@browser-safety.org                  |
| 928324 | contact@web-security.com                      |
| 938608 | videodownloader@dirtylittlehelpers.com        |
| 960114 | googlenotrack@dirtylittlehelpers.com          |
| 979089 | develop@quick-amz.com                         |
+--------+-----------------------------------------------+

Versions: *

Block type: hard.

Thanks to Rob Wu, Raymond Hill, rctgamer3, and others for conducting much of the investigation and keeping the ball rolling.
Assignee
Comment 1•5 years ago
The block has been staged. Andreas, please review and push.
Flags: needinfo?(philipp)
Flags: needinfo?(awagner)
Comment 2•5 years ago
Done.
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(awagner)
Resolution: --- → FIXED
Assignee
Updated•5 years ago
Flags: needinfo?(philipp)
Comment hidden (off-topic)
Comment hidden (off-topic)
Comment hidden (off-topic)
Updated•5 years ago
Flags: needinfo?(awagner)
Comment hidden (abuse-reviewed, off-topic)
Comment hidden (abuse-reviewed, off-topic)
Comment hidden (admin-reviewed, off-topic)
Comment 9•5 years ago
(In reply to shellshock from comment #7)
> You can't trust Fabian Simon. The addon is no longer released by Mozilla.
>
> In the end: Fabian Simon and his accomplices will either go to prison or
> face severe fines. Just wait some months... A big storm is coming.

Hi shellshock, this is a reminder that all comments here need to adhere to Bugzilla's etiquette guidelines (https://bugzilla.mozilla.org/page.cgi?id=etiquette.html) and that personal attacks are unwelcome. If this behavior continues, your Bugzilla account will be suspended.
Comment hidden (off-topic)
Comment hidden (off-topic)
Comment 12•5 years ago
Thank you everyone for the comments and inquiries you have made here. I understand this is an issue that brings up a lot of questions. At the same time, this is a bug tracker meant mostly for technical discussion around the actions taken. Therefore, I am restricting comments to this bug. If you have further questions, please post them to our discussion forums: https://discourse.mozilla.org/c/add-ons . Thank you for your understanding.
Restrict Comments: true