Closed Bug 1593243 Opened 5 years ago Closed 5 years ago

Extension block request: Add-ons executing remote code

Categories

(Toolkit :: Blocklist Policy Requests, task)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: TheOne, Assigned: TheOne)

Details

(Whiteboard: [extension])

Extension name Add-ons executing remote code
Extension versions affected <all versions>
Platforms affected <all platforms>
Block severity hard

Reason

I’ve reviewed the add-ons and confirmed they are executing remote code.

Extension GUIDs

{3c8970fa-1340-45ad-82fe-81f3beccfbdc}
{4ab99b95-4d05-438c-8a3e-adb1b3fe8d81}
{7f87a05d-dba7-448e-9af2-ee0f4a294c01}
{59a219a8-45cd-458d-9b3e-8d86c19dfc31}
{79f4bfc7-b1da-4dc4-85cc-ecbcc5dd152e}
{484dc5ad-4d6a-4ee4-91b7-b5b8166e6b3d}
{2643d75f-9d64-47ef-9c23-78f0f055c7b8}
{76399bf2-8354-4b11-bf43-6c863b195b1d}
{110791c0-2883-4301-8214-90be7549df43}
{a33e004d-2ac0-4d77-8e14-50780bc231a3}
{aaaa5840-6b3b-49d8-92c2-9696798c4e2a}
{bfc55377-7210-4e7a-828f-6fdb9df02847}
{c6c78b9a-370d-49c5-b9c6-96d7e38861c5}
{c115eb3a-4746-472b-8f1f-d8596c49b3b6}
{deaa22e5-33ed-440f-a734-c3175e6228a7}
{e34d5840-6b3b-49d8-92c2-9696798c4e2a}
aapbdbdomjkkjkaonfhkkikfgjllcleb@chromeStoreFoxified-\d+
babelfox_client@rami
blndkmebkmenignoajhoemebccmmfjib@chrome-store-foxified-\d+
bridge-translate-app@chrome-store-foxified-2125721878
dephbpajmknbniclommefdlnflkfnpgh@chrome-store-foxified-\d+
extension@newtab.biz
generated-74o6bact7xu7y32fvfju4s@chrome-store-foxified-\d+
generated-axbwzwbksnnig1ug9v5dly@chrome-store-foxified-\d+
googletranslateelement@developer.org
icdahkkjdchifpnbebileaelbcgipepe@chrome-store-foxified-\d+
ifgljfjnflaadalpmkkgdailepedeehd@chrome-store-foxified-\d+
knpgbkpddpcepnloiijojmgbdhihkjkl@chrome-store-foxified-\d+
translate-4@chrome-store-foxified-\d+

The block has been pushed.

Group: blocklist-requests
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED

Can you take a look at https://addons.mozilla.org/ru/firefox/user/13462855/ extensions? These extensions were caught downloading code from third-party sites.

Full analysis here (in Russian) - https://habr.com/post/421735/

In addition, this year Firefox and Crome vesrions contained a code that allowed the extension author to steal a cashback for purchases made by users in online stores: https://habr.com/post/421735/#comment_20112380

Can you please file a new blocklisting bug for the affected add-ons and provide examples of the remote code execution? Please see https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/AMO/Blocking_Process#Requesting_a_Block for more information.
Thanks.

Flags: needinfo?(wowemuh)
Flags: needinfo?(wowemuh)
You need to log in before you can comment on or make changes to this bug.