Closed
Bug 1611797
Opened 5 years ago
Closed 5 years ago
Extension Block Request: Titan Surfer
Categories
(Toolkit :: Blocklist Policy Requests, task)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: andreea.neamtiu, Assigned: Fallen)
Details
Extension name | Titan Surfer |
Extension versions affected | <all versions> |
Platforms affected | <all platforms> |
Block severity | hard |
Reason
This add-on contains critical security vulnerabilities:
-
collecting data (cookies, URL) - no privacy policy, no opt-in
-
modifying jQuey library by adding some XMLHttpRequests to its server
-
inserting ads (amazon, ebay, booking)
-
requests made on HTTP instead of HTTPS
Extension IDs
antimalware@titansurfer.com
Comment 1•5 years ago
|
||
Philipp, can you give this a look?
Assignee: nobody → philipp
Status: NEW → ASSIGNED
Flags: needinfo?(philipp)
Assignee | ||
Comment 2•5 years ago
|
||
I've reviewed the code and confirm the add-on is attempting to hide code not in line with our data collection policies
Assignee | ||
Comment 3•5 years ago
|
||
The block has been staged. simon, can you review and push?
Flags: needinfo?(philipp) → needinfo?(sbennetts)
Updated•5 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Flags: needinfo?(sbennetts)
Resolution: --- → FIXED
Updated•5 years ago
|
Group: blocklist-requests
You need to log in
before you can comment on or make changes to this bug.
Description
•