Closed Bug 1491716 Opened 7 years ago Closed 7 years ago

Extension block request: admin@vietbacsecurity.com

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: mxn, Unassigned)

Details

Minh Nguyễn

Reporter

Description

•

7 years ago

Extension name: Vietnamese Input Method Extension UUID: admin@vietbacsecurity.com Extension versions to block: 3.4.2, probably earlier ones too Applications, versions, and platforms affected: All Block severity: hard Homepage, AMO listing, other references and contact info: https://addons.mozilla.org/firefox/addon/vietnamese-input-method/ (already deleted) https://www.vietbacsecurity.com/ (author website) https://blog.mybloggertricks.org/vni.php (keystrokes and history went here) Reasons: Keylogger that sends all keystrokes and browsing history to a server without permission and for no apparent reason. This extension was deleted after I reported it for abuse a couple weeks ago, but at least one vulnerable version was available since April.

Minh Nguyễn

Reporter

Comment 1

•

7 years ago

http://notes.1ec5.org/archives/2018/09/16/webextensions.html details this extension's privacy-violating functionality.

Jorge Villalobos [:jorgev] (he/him)

Comment 2

•

7 years ago

The block has been staged. Stuart, please review and push.

Flags: needinfo?(scolville)

Stuart Colville [:muffinresearch]

Comment 3

•

7 years ago

Approved and pushed

Status: UNCONFIRMED → RESOLVED

Closed: 7 years ago

Flags: needinfo?(scolville)

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Extension block request: admin@vietbacsecurity.com

Categories

(Toolkit :: Blocklist Policy Requests, enhancement)

Tracking

()

People

(Reporter: mxn, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Comment 3