1538141 - Extension block request: {a9c33302-4c97-11e9-9a9d-af400df725e3}

Status: RESOLVED FIXED

(Toolkit :: Blocklist Policy Requests, task)

Description

[rayadohanu]

Extension name: Security
Extension UUID: {a9c33302-4c97-11e9-9a9d-af400df725e3}
Extension versions to block: all
Applications, versions, and platforms affected: all
Block severity: (hard/soft) hard

Homepage, AMO listing, other references and contact info:
null

Reasons:
decrypted script code

Comment 1

[Andreas Wagner [:TheOne] [use NI]]

What do you mean by "decrypted script code"?

Comment 2

[rayadohanu]

"decrypted script code" means obfuscated addon code

the same reason was given here: https://bugzilla.mozilla.org/show_bug.cgi?id=1535088

Comment 3

[Andreas Wagner [:TheOne] [use NI]]

Thank you. Obfuscated code is not a reason for blocklisting. Can you elaborate why this add-on should be blocked?

Comment 4

[rayadohanu]

I think this add-on does things like

Remote code execution
Search hijacking
User tracking
Newtab hijacking

Comment 5

[rayadohanu]

and also cryptomining

Comment 6

[Philipp Kewisch [:Fallen] [:📆][:🧩]]

Reason: remote code execution

Comment 7

[Philipp Kewisch [:Fallen] [:📆][:🧩]]

The block has been staged. Jorge, can you review and push?

Comment 8

[Jorge Villalobos [:jorgev] (he/him)]

Done.

Comment 9

[rayadohanu]

Hello all.

I thought I would do a test that would check the reliability of the site administrators' work.
Unfortunately, it was fatal for people who verify addons.

I made an add-on myself, which does nothing (random code generated), I obfuscated the code (size about 2kB) and I've added the bugzilla report.

What was my surprise when the administrator saw "remote code injection" :)
A question to admin: can you tell me where I found something in the generated random code:>

Your work is really unreliable.

Comment 10

[Philipp Kewisch [:Fallen] [:📆][:🧩]]

Unfortunately we don't disclose any details about the blocks and the methods we use to verify them. This bug is fixed for its purpose.