Extension Block Request: Angelic Bit
Categories
(Toolkit :: Blocklist Policy Requests, task)
Tracking
()
People
(Reporter: zitrobugs, Assigned: raluca.sofian)
Details
Extension name | Angelic Bit |
Extension versions affected | <all versions> |
Platforms affected | <all platforms> |
Block severity | hard |
Reason
seems remote code injection
it is from same site like Project Tech extension, which is blocked in hxxps://bugzilla.mozilla.org/show_bug.cgi?id=1536042
Extension GUIDs
{a3f765c3-8dde-4467-ad6e-fd70c3333e50}
Additional Information
Updated•5 years ago
|
Comment 1•5 years ago
|
||
I checked this one and it is missing the page.js that might be doing the shady things. The code by itself is very non-functional so I think this doesn't need to be blocked. Thanks for the report!
Reporter | ||
Comment 2•5 years ago
|
||
Can it still be hidden remote code in this extension? I test every extension before reporting and it definitely has had other connections to websites except google. I think it was to result-spark.com.
Does the extension possibly have a hidden code with expiration date? I secure all reported extensions and can now no longer reproduce the remote connection for many. But they were definitely set up days ago.
This was a similar case: https://bugzilla.mozilla.org/show_bug.cgi?id=1491312 Today if i test this extension, i cannot see remote code in network-analysis.
(Sorry for my bad english, i used google translate)
Comment 3•5 years ago
|
||
Your translated English is fine! If you want to chat with me in German via IRC, feel free to reach out. My nick is Fallen. I'll double check the add-on to be sure, but the last I saw was a page.js being executed that didn't exist.
Reporter | ||
Comment 4•5 years ago
|
||
fine. I gladly accept the offer ;)
I've checked the bug and didn't find any issues.
Reporter | ||
Comment 6•5 years ago
|
||
The WebExtension loads additional data in the Google search.
The prerequisite is that you have previously loaded a specific page. This page is only generated by various redirects (possibly also referer).It's the same page that forces you to install the extension in full screen. Then the website connects to the web extension.
Even if I after that, delete all data under settings and everything under history, the data are stored in storage-sync.sqlite. The result is, that when i use google search (or youtube), also pages from result-spark.com are loaded.
Comment 9•5 years ago
|
||
The block has been staged. Jorge, can you review and push?
Comment 10•5 years ago
|
||
Done.
Updated•5 years ago
|
Description
•