Extension Block Request: YOUTUBE to MP3
Categories
(Toolkit :: Blocklist Policy Requests, task)
Tracking
()
People
(Reporter: grahamperrin, Assigned: TheOne)
Details
Attachments
(1 file)
Extension name | YOUTUBE to MP3 |
Extension versions affected | <all versions> |
Platforms affected | <all platforms> |
Block severity | hard |
Reason
YOUTUBE to MP3
https://addons.mozilla.org/en-GB/firefox/addon/youtube-to-mp3-firefox/
After adding the extension then (re)loading
hxxps://www.youtube.com/watch?v=aLzoZxcnAV0
a click on the *Download MP3 button leads to unexpected appearance of fraudulent content in a new tab:
hxxps://the-major-news.com/latest-articles/student--makes-125k-in-2-months/index.php?lpkey=76367aa583f0726939d8e520bfe16e96.1574321110&rdtrckcbp=1574320810&rtkcid=5dd63aaaf160b1000123c0cd&rtkcmpid=5d9c3bad8f42d900017a0d33
In the Wayback Machine:
hxxps://web.archive.org/web/20191121072606/hxxps://the-major-news.com/latest-articles/student--makes-125k-in-2-months/index.php?lpkey=76367aa583f0726939d8e520bfe16e96.1574321110&rdtrckcbp=1574320810&rtkcid=5dd63aaaf160b1000123c0cd&rtkcmpid=5d9c3bad8f42d900017a0d33
Fraudulent content so soon after adding the extension appears to intentionally violate policy so I guess, this should be a hard block.
Extension IDs
youtubetomp3@addons.youtube.com
addons-mozilla@youtube-to-mp4
Additional Information
Given the similarity of the screenshot used for the extension below, I might also be suspicious of this one:
YOUTUBE to MP4
https://addons.mozilla.org/en-GB/firefox/addon/youtube-to-mp4-firefox/
addons-mozilla@youtube-to-mp4
For both extensions, version 6.0 was released on the same day.
The offending version of YOUTUBE to MP3 is 6.1, I did not test 6.0.
In the Wayback Machine:
- hxxps://web.archive.org/web/20191121073745/https://addons.mozilla.org/en-GB/firefox/addon/youtube-to-mp3-firefox/
- hxxps://web.archive.org/web/20191121073915/https://addons.mozilla.org/en-GB/firefox/addon/youtube-to-mp4-firefox/
Reporter | ||
Comment 1•5 years ago
|
||
Assignee | ||
Comment 2•5 years ago
|
||
The add-on violates Mozilla's add-on policy by opening websites with malicious intent.
Assignee | ||
Comment 3•5 years ago
|
||
The block has been pushed.
Reporter | ||
Comment 4•5 years ago
|
||
Thank you!
break.tv, kerumal.com, rtmark.net, rdtk.io, the-major-news.com - Firefox - Malwarebytes Forums – there's now a block on the five domains that were observed in the status bar of Firefox. I don't know whether all five are disreputable but I guess, the precautionary approach is good.
Description
•