Closed Bug 1540690 Opened 5 years ago Closed 5 years ago

Extension Block Request: Patagonia Bit

Categories

(Toolkit :: Blocklist Policy Requests, task)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: zitrobugs, Assigned: Fallen)

Details
Extension name Patagonia Bit
Extension versions affected <all versions>
Platforms affected <all platforms>
Block severity hard

Reason

New Version of hxxps://bugzilla.mozilla.org/show_bug.cgi?id=1539226

Remote Script Injection for example on google search

The WebExtension loads additional data in the Google search.
The prerequisite is that you have previously loaded a specific page. This page is only generated by various redirects (possibly also referer).
Even if I after that, delete all data under settings and everything under history, the data are stored in storage-sync.sqlite. The result is, that when i use google search (or youtube), also pages from result-spark.com are loaded.

Extension GUIDs

{35b9640e-ebbb-44b7-85af-d9ec3af3c6a6}
Assignee: nobody → philipp
Status: NEW → ASSIGNED
Type: enhancement → task

I've confirmed the add-on is injecting remote scripts through use of browser storage mechanisms accessible to web pages.

The block has been staged. Andreas, can you review and push?

Flags: needinfo?(awagner)

Done

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Flags: needinfo?(awagner)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.