Extension name: Vietnamese Input Method Extension UUID: firstname.lastname@example.org Extension versions to block: 3.4.2, probably earlier ones too Applications, versions, and platforms affected: All Block severity: hard Homepage, AMO listing, other references and contact info: https://addons.mozilla.org/firefox/addon/vietnamese-input-method/ (already deleted) https://www.vietbacsecurity.com/ (author website) https://blog.mybloggertricks.org/vni.php (keystrokes and history went here) Reasons: Keylogger that sends all keystrokes and browsing history to a server without permission and for no apparent reason. This extension was deleted after I reported it for abuse a couple weeks ago, but at least one vulnerable version was available since April.
http://notes.1ec5.org/archives/2018/09/16/webextensions.html details this extension's privacy-violating functionality.
The block has been staged. Stuart, please review and push.
Approved and pushed
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.