Closed Bug 1598242 Opened 2 months ago Closed 2 months ago

Extension Block Request: YOUTUBE to MP3

Categories

(Toolkit :: Blocklist Policy Requests, task)

task
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: grahamperrin, Assigned: TheOne)

Details

Attachments

(1 file)

Extension name YOUTUBE to MP3
Extension versions affected <all versions>
Platforms affected <all platforms>
Block severity hard

Reason

YOUTUBE to MP3
https://addons.mozilla.org/en-GB/firefox/addon/youtube-to-mp3-firefox/

After adding the extension then (re)loading
hxxps://www.youtube.com/watch?v=aLzoZxcnAV0
a click on the *Download MP3 button leads to unexpected appearance of fraudulent content in a new tab:

hxxps://the-major-news.com/latest-articles/student--makes-125k-in-2-months/index.php?lpkey=76367aa583f0726939d8e520bfe16e96.1574321110&rdtrckcbp=1574320810&rtkcid=5dd63aaaf160b1000123c0cd&rtkcmpid=5d9c3bad8f42d900017a0d33

In the Wayback Machine:

hxxps://web.archive.org/web/20191121072606/hxxps://the-major-news.com/latest-articles/student--makes-125k-in-2-months/index.php?lpkey=76367aa583f0726939d8e520bfe16e96.1574321110&rdtrckcbp=1574320810&rtkcid=5dd63aaaf160b1000123c0cd&rtkcmpid=5d9c3bad8f42d900017a0d33

Fraudulent content so soon after adding the extension appears to intentionally violate policy so I guess, this should be a hard block.

Extension IDs

youtubetomp3@addons.youtube.com
addons-mozilla@youtube-to-mp4

Additional Information

Given the similarity of the screenshot used for the extension below, I might also be suspicious of this one:

YOUTUBE to MP4
https://addons.mozilla.org/en-GB/firefox/addon/youtube-to-mp4-firefox/
addons-mozilla@youtube-to-mp4

For both extensions, version 6.0 was released on the same day.

The offending version of YOUTUBE to MP3 is 6.1, I did not test 6.0.

In the Wayback Machine:

The add-on violates Mozilla's add-on policy by opening websites with malicious intent.

Assignee: nobody → awagner
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

The block has been pushed.

Group: blocklist-requests
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED

Thank you!

break.tv, kerumal.com, rtmark.net, rdtk.io, the-major-news.com - Firefox - Malwarebytes Forums – there's now a block on the five domains that were observed in the status bar of Firefox. I don't know whether all five are disreputable but I guess, the precautionary approach is good.

You need to log in before you can comment on or make changes to this bug.