Closed Bug 1485145 Opened 6 years ago Closed 6 years ago

Extension block request: {d0aa0ad2-15ed-4415-8ef5-723f303c2a67}

Categories

(Toolkit :: Blocklist Policy Requests, enhancement)

RESOLVED FIXED

People

(Reporter: zitrobugs, Assigned: TheOne)

Details

Attachments

(2 files)

Attached video video-a.mp4
Extension name: JS Switcher
Extension UUID: {d0aa0ad2-15ed-4415-8ef5-723f303c2a67}
Extension versions to block: 1.3.1
Applications, versions, and platforms affected: 
Block severity: (hard/soft) hard

Homepage, AMO listing, other references and contact info: 
h***://devprogext.cool/3/go/1462666/?csum=0QZqMlrJDSLintl2qcxRcD-d6oqlXyF5tEY2PdIt4Rdk0KM74f02GCFqKt1T-pTKz-4XB2o1aM_keq1yEYY9ow%2C%2C&_subid=3q8upjh1aj7qfl7gjmn5&_token=uuid_3q8upjh1aj7qfl7gjmn5_3q8upjh1aj7qfl7gjmn55b7c5d3d1d5d15.74402483
This is the address in my browser that you see in video-a. But if you click it, you will only see a harmless-looking site (I think it needs a special referer and/or cookies to show the same as in the video).

On the site, the real mouse is mostly hidden and changes to a fake mouse, and this fake mouse forces full-screen mode. You can leave fullscreen, but then the behavior starts all over again. (Right-click is also disabled on this site.)
In video-b, I move the mouse slowly from the bottom up. You can see how the right mouse turns into the fake mouse and jumps. (My right mouse in this video is the bigger black mouse)

Reasons: installs extension in fullscreen mode
Direct link to the above extension is: h***://devprogext.cool/ff//js_switcher-1.3.1-an+fx.xpi

Sometimes the same site also "offers" another extension also forced in fullscreen mode with:
Extension name: Reader FB2 
Extension UUID: {40a9d23b-09ef-4c82-ae1d-7fc5c067e987}
Attached video video-b.mp4
Assignee: nobody → philipp
Flags: needinfo?(philipp)
The same behavior I described above is on this site: h***://fileextff.cool/3/go/O128DGOKAR-TM1QTN3UDME/?csum=KccbJEW2I1HYvpc6dKPmKlTf7p-eGlk6g-Oaj19UN817zCONbyC2dKFEcA0-Fpq1og1frD21ckIx808ewWhC_g%2C%2C&mtz=map&_subid=3q8upjh1aj82hgo37csv&_token=uuid_3q8upjh1aj82hgo37csv_3q8upjh1aj82hgo37csv5b7c7fd9eece01.25099992
It forces the install of "TimeRescue" Version 3.6.0 UUID: {4ca00873-7e8d-4ada-b460-96cad0eb8fa9}
or "Instant Draw" Version 2.3.6 UUID: {d8157e0c-bf39-42eb-a0c3-051ff9724a8c}

Or should I rather file a new bug report for every extension found with this behavior on such sites?
If it looks like the same kind of behavior or author, it is sufficient to mention further guids you find here. Thanks for providing these reports!
Flags: needinfo?(philipp)
Add-ons are running remote scripts from a cookie value, confirming.

GUIDs:

{d0aa0ad2-15ed-4415-8ef5-723f303c2a67}
{4ca00873-7e8d-4ada-b460-96cad0eb8fa9}
{d8157e0c-bf39-42eb-a0c3-051ff9724a8c}

There could possibly be more, but rg is taking too long. Andreas, can you run a search for the pattern I sent you via IRC to find more of these? Be prepared for false positives given the very generic string, and possibly limit your search to just xpis to save time. Otherwise, go ahead and stage the above GUIDs.
Flags: needinfo?(awagner)
Same behavior on another site
Extension name: Cute Bookmarks Guru
Extension UUID: {205c2185-ebe4-4106-92ab-0ffa7c4efcbb}
Extension versions: 2.3.6
Assignee: philipp → awagner
Flags: needinfo?(awagner)
Clones found:

Clones/Variants:

The block has been staged. Jorge, can you please review and push?
Flags: needinfo?(jorge)
Done.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(jorge)
Resolution: --- → FIXED