Closed Bug 1586834 Opened 5 years ago Closed 5 years ago

Extension Block Request: Google Custom Logo

Categories

(Toolkit :: Blocklist Policy Requests, task)

task
Not set
normal

Tracking

RESOLVED FIXED

People

(Reporter: andreea.neamtiu, Assigned: Fallen)

Details

Extension name: Google Custom Logo
Extension versions affected: <all versions>
Platforms affected: <all platforms>
Block severity: hard

Reason

The add-on contains critical security vulnerabilities:
DOM injection - with remote data from local storage item which is not set inside the add-on

Extension IDs

{65a93e3b-e350-440d-bf8f-68e18e38d27d}

Assignee: nobody → philipp
Status: NEW → ASSIGNED

The values used in storage here are local values, and are actually just numbers. Remaining issues can be handled normally via the review.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID

I missed that the add-on is self-hosted. There was one more policy issue in the add-on. I've reviewed the add-on and confirmed it contains an unexpected feature that is collecting ancillary data.

Status: RESOLVED → REOPENED
Resolution: INVALID → ---

I'm adding another add-on to this block that has the same characteristics:

{9db1fb44-b661-4719-9d90-67af3e6a314c}

The block has been pushed.

Group: blocklist-requests
Status: REOPENED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED