Closed Bug 1534781 Opened 6 years ago Closed 6 years ago

Extension Block Request: {fb62e856-f09b-4cbc-ba07-642ab55f6cb4}

Categories

(Toolkit :: Blocklist Policy Requests, task)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: zitrobugs, Assigned: TheOne)

Details
Extension name {fb62e856-f09b-4cbc-ba07-642ab55f6cb4}
Extension versions affected <all versions>
Platforms affected <all platforms>
Block severity hard

Reason

remote code injection

Extension GUIDs

{fb62e856-f09b-4cbc-ba07-642ab55f6cb4}
EncDNA module	2.0.21

Can you provide the exact page with the installation? Where did you get this add-on?

Flags: needinfo?(zitrobugs)

no, this is not possible because it depends on the referer, cookies and possibly other stuff
But extension is linked on h**p://prosnazzy.cool/ff/encdna_module-2.0.21-fx.xpi

Flags: needinfo?(zitrobugs)

The site encourages installation, but does the additive have bad behavior?

Flags: needinfo?(zitrobugs)

Yes it has! see above. Redirects to other pages. It has remote code injection.

Flags: needinfo?(zitrobugs)

Yes, this plugin loads external code from: https://medicloft.com/alarm/list/2/87e7261a29594db99477.js?nocache=1552512850725. Not all add-ons reported by you they download the external code. Can you show it?

Flags: needinfo?(zitrobugs)

FF, could you please leave triaging to Mozilla admin reviewers? We request information when we need it only. Thank you!

Flags: needinfo?(zitrobugs)

Blocklist reasons:

  • Remote script injection
Assignee: nobody → awagner
Status: NEW → ASSIGNED

The block has been staged. Philipp, can you please review and push?

Flags: needinfo?(philipp)

Done

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(philipp)
Resolution: --- → FIXED
Type: enhancement → task
You need to log in before you can comment on or make changes to this bug.