Extension block request: admin@vietbacsecurity.com

RESOLVED FIXED

Status

()

RESOLVED FIXED
6 months ago
6 months ago

People

(Reporter: mxn, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 months ago
Extension name: Vietnamese Input Method
Extension UUID: admin@vietbacsecurity.com
Extension versions to block: 3.4.2, probably earlier ones too
Applications, versions, and platforms affected: All
Block severity: hard

Homepage, AMO listing, other references and contact info:

https://addons.mozilla.org/firefox/addon/vietnamese-input-method/ (already deleted)
https://www.vietbacsecurity.com/ (author website)
https://blog.mybloggertricks.org/vni.php (keystrokes and history went here)

Reasons:

Keylogger that sends all keystrokes and browsing history to a server without permission and for no apparent reason. This extension was deleted after I reported it for abuse a couple weeks ago, but at least one vulnerable version was available since April.
(Reporter)

Comment 1

6 months ago
http://notes.1ec5.org/archives/2018/09/16/webextensions.html details this extension's privacy-violating functionality.
The block has been staged. Stuart, please review and push.
Flags: needinfo?(scolville)
Approved and pushed
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 months ago
Flags: needinfo?(scolville)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.