Closed Bug 1538143 Opened 5 years ago Closed 5 years ago

Extension Block Request: Angelic Bit

Categories

(Toolkit :: Blocklist Policy Requests, task)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: zitrobugs, Assigned: raluca.sofian)

Details
Extension name Angelic Bit
Extension versions affected <all versions>
Platforms affected <all platforms>
Block severity hard

Reason

seems remote code injection
it is from same site like Project Tech extension, which is blocked in hxxps://bugzilla.mozilla.org/show_bug.cgi?id=1536042

Extension GUIDs

{a3f765c3-8dde-4467-ad6e-fd70c3333e50}

Additional Information

Assignee: nobody → philipp
Status: NEW → ASSIGNED

I checked this one and it is missing the page.js that might be doing the shady things. The code by itself is very non-functional so I think this doesn't need to be blocked. Thanks for the report!

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID

Can it still be hidden remote code in this extension? I test every extension before reporting and it definitely has had other connections to websites except google. I think it was to result-spark.com.
Does the extension possibly have a hidden code with expiration date? I secure all reported extensions and can now no longer reproduce the remote connection for many. But they were definitely set up days ago.

This was a similar case: https://bugzilla.mozilla.org/show_bug.cgi?id=1491312 Today if i test this extension, i cannot see remote code in network-analysis.
(Sorry for my bad english, i used google translate)

Flags: needinfo?(philipp)

Your translated English is fine! If you want to chat with me in German via IRC, feel free to reach out. My nick is Fallen. I'll double check the add-on to be sure, but the last I saw was a page.js being executed that didn't exist.

Status: RESOLVED → REOPENED
Resolution: INVALID → ---

fine. I gladly accept the offer ;)

Assignee: philipp → raluca.sofian

I've checked the bug and didn't find any issues.

Status: REOPENED → RESOLVED
Closed: 5 years ago5 years ago
Resolution: --- → INVALID

The WebExtension loads additional data in the Google search.
The prerequisite is that you have previously loaded a specific page. This page is only generated by various redirects (possibly also referer).It's the same page that forces you to install the extension in full screen. Then the website connects to the web extension.
Even if I after that, delete all data under settings and everything under history, the data are stored in storage-sync.sqlite. The result is, that when i use google search (or youtube), also pages from result-spark.com are loaded.

Flags: needinfo?(raluca.sofian)
Status: RESOLVED → REOPENED
Flags: needinfo?(raluca.sofian)
Resolution: INVALID → ---

Thank you for the new details. I will take another look.

Good to block.

The block has been staged. Jorge, can you review and push?

Flags: needinfo?(philipp) → needinfo?(jorge)

Done.

Status: REOPENED → RESOLVED
Closed: 5 years ago5 years ago
Flags: needinfo?(jorge)
Resolution: --- → FIXED
Type: defect → task
You need to log in before you can comment on or make changes to this bug.