Closed Bug 1491312 Opened 6 years ago Closed 6 years ago

Extension block request: {56a1e8d2-3ced-4919-aca5-ddd58e0f31ef}

Categories

(Toolkit :: Blocklist Policy Requests, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: zitrobugs, Assigned: TheOne)

Details

Extension name: Web Guard Extension UUID: {56a1e8d2-3ced-4919-aca5-ddd58e0f31ef} Extension versions to block: 62.0.1 Applications, versions, and platforms affected: Block severity: (hard/soft)hard Homepage, AMO listing, other references and contact info: h***://my-secure.org Reasons: decrypted script code. Force (specific referer/cookies are necassary to reproduce it) to install extension on website.
It isn't clear from this report why the extension should be blocked. Can you please elaborate?
Flags: needinfo?(ZitronellaMoz)
Closing due to inactivity.
Status: NEW → RESOLVED
Closed: 6 years ago
QA Contact: awagner
Resolution: --- → INCOMPLETE
QA Contact: awagner
This is a malicious add-on installed by one of those fake Firefox update sites. Site is now offline but add-on is still being distributed as of this week.
Status: RESOLVED → REOPENED
Flags: needinfo?(ZitronellaMoz)
Resolution: INCOMPLETE → ---
This add-on injects a remote script. The code is heavily obfuscated, also using AES to encrypt parts of itself.
Assignee: nobody → awagner
Status: REOPENED → ASSIGNED
The block has been staged. Philipp, can you review and push, please?
Flags: needinfo?(philipp)
Done
Status: ASSIGNED → RESOLVED
Closed: 6 years ago6 years ago
Flags: needinfo?(philipp)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.