Closed Bug 1613706 Opened 6 years ago Closed 6 years ago

Extension Block Request: TraderBiS Pro

Categories

(Toolkit :: Blocklist Policy Requests, task)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: andreea.neamtiu, Assigned: Fallen)

Details
Extension name TraderBiS Pro
Extension versions affected <all versions>
Platforms affected <all platforms>
Block severity hard

Reason

The following contains critical security vulnerabilities:

  • collecting cookies via socket

  • collecting local storage data

  • DOM injections

  • no user consent or control

Extension IDs

traderibis@gmail.com
{312951c4-a455-4886-a2f1-e4fb05b9fee7}
Assignee: nobody → philipp
Status: NEW → ASSIGNED

I've reviewed the code and confirmed the add-on is injecting remote HTML code not compliant with our policies.

The block has been staged. Jorge, can you review and push?

Flags: needinfo?(jorge)

I've also confirmed that {312951c4-a455-4886-a2f1-e4fb05b9fee7} makes use of obfuscated code.

Done.

Group: blocklist-requests
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(jorge)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.