Closed Bug 1525880 Opened 5 years ago Closed 5 years ago

Extension block request: Various add-ons with remote script injection

Categories

(Toolkit :: Blocklist Policy Requests, task)

task
Not set
normal

RESOLVED FIXED

People

(Reporter: TheOne, Assigned: TheOne)

Details

(Whiteboard: [extension])

Extension name: (Various)
Extension UUID:

Extension versions to block: *
Applications, versions, and platforms affected: Firefox *
Block severity: hard

Homepage, AMO listing, other references and contact info:

Reasons:
Remote script injection, almost always outright malicious

The block has been staged. Jorge, can you please review and push?

Flags: needinfo?(jorge)

Done.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Flags: needinfo?(jorge)
Resolution: --- → FIXED

I used this addon for the past months, and saw it now was blocked containing dangerous code? What did it do? Is my PC in danger now or did it steal any data?

These are quite a few extensions and some of them were certainly available in the AMO for some time. Thus a few questions, since also having used at least one of those:

  • what has caused the sudden discovery and subsequent hard block (the new anti crypto mining code)?
  • "almost always outright malicious" does imply that not every extension falls into that assessment and hence begs the question which of the listed extensions are indeed outright malicious and perhaps to which extent?

Someone said here: https://addons.mozilla.org/en-US/firefox/addon/youtube_downloader/reviews/1283674/ that addon also has a mining script, is that true? Could Mozilla please scan all addons on the market immediately?

I used HTML5 Video Everywhere (ID: html5-video-everywhere@lejenome.me) for a few years, and apparently it's in this list. (replaced various sites' players with default Firefox HTML5 video player; thus I am now back on YouTube's player with bad perf on this machine) Did it get compromised recently or did a new security policy prohibit something it'd already been doing? If there needs to be a big mass-ban like this, please post something on a blog somewhere explaining what happened, with extra detail for the addons that actually had a non-trivial userbase (preferably also numbers of users affected). Not enough info is listed here, and this bug is all it links to via the blocklist entry in the Addon Manager.

Flags: needinfo?(awagner)

When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria [1], the software may be blocked from general use. For more information, please read this support article [2].

[1] http://wiki.mozilla.org/Blocklisting
[2] http://support.mozilla.org/kb/add-ons-cause-issues-are-on-blocklist

Thank you everyone for the comments and inquiries you have made here. I understand this is an issue that brings up a lot of questions. At the same time, this is a bug tracker meant mostly for technical discussion around the actions taken. Note also we generally don't discuss the methodologies or details about the block.

Therefore, I am restricting comments to this bug.
For general add-on discussion, please visit: http://discourse.mozilla.org/c/add-ons
If you want to report an add-on that meets the blocklisting criteria, please file a new bug in this component.

Thank you for your understanding.

Flags: needinfo?(awagner)
Restrict Comments: true

Please don't abuse the process like this. This bug is the only place designated for communication about this block, and we both know this is not general addon discussion. (If you don't want this to be so, don't link to it from the blocklist entry linked to in Firefox's Addon Manager.)

Mozilla remote-killed software on users' machines with no information provided; the template used in the bug description (comment 0) isn't even filled out fully. I'm taking it in good faith that there were serious security issues here and simply asking that they be stated. However, responding to a legitimate concern with a canned response and comment restriction is not a good way to garner trust here. I am aware it can be hard to sort through the deluge of comments/complaints/confusion Bugzilla can get - I used to volunteer to triage here - however, a serious action was taken here and a serious response is a reasonable expectation.

Flags: needinfo?(awagner)
Flags: needinfo?(awagner)
Type: enhancement → task
Restrict Comments: false
Restrict Comments: true
Restrict Comments: false