Closed
Bug 1618688
Opened 5 years ago
Closed 5 years ago
Extension Block Request: Add-ons violating multiple policies
Categories
(Toolkit :: Blocklist Policy Requests, task)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: mattgaspar10, Assigned: Fallen)
Details
Attachments
(1 file)
|
2.90 MB,
image/png
|
Details |
beautifulpdf-mypdfonline-popunder-ads.png
| Extension name | Add-ons violating multiple policies |
| Extension versions affected | <all versions> |
| Platforms affected | <all platforms> |
| Block severity | hard |
Reason
Observed add-ons violating multiple policies
- Monitoring browsing activity without consent (see
hxxps://inter.beautifulpdf.com/setcookie.do requests in a trace) - Collecting IP address without consent (see response to
hxxps://inter.beautifulpdf.com/setcookie.do requests in a trace) - Show and monetize pop under ads without attribution to add-on (see attached screenshot)
Products also offer limited functionality
- Product feature only shows once, post install
- Browser action buttons don't work
Tested two of of the four. Given the format of the requests (hxxps://inter.PRODUCTNAME.com/setcookie.do), I suspect the developer has more like it.
Extension IDs
{bc158e4c-6514-4b0e-9da4-6018326fe634}
{d807c94c-fbd3-48b7-9c07-a54336ace9f3}
{95716b5d-ce17-4a97-9691-40f62291649e}
{b8250196-9419-4b06-9634-48f6c3570b53}
|
Reporter | |
Comment 1•5 years ago
|
||
Screenshot of pop under with ads
|
||
Comment 2•5 years ago
|
||
Thank you for the report, those are not valid add-on IDs. Can you please update them?
Flags: needinfo?(mattgaspar10)
|
|
Reporter | |
Comment 3•5 years ago
|
||
Apologies. I left the braces off.
{bc158e4c-6514-4b0e-9da4-6018326fe634}
{d807c94c-fbd3-48b7-9c07-a54336ace9f3}
{95716b5d-ce17-4a97-9691-40f62291649e}
{b8250196-9419-4b06-9634-48f6c3570b53}
Flags: needinfo?(mattgaspar10)
|
Assignee | |
Comment 4•5 years ago
•
|
||
I’ve reviewed the add-ons and confirmed they are collecting ancillary user data and injecting remote scripts against our policies.
Full list:
{cf7362f7-d34e-423d-ade0-ff408145d75d}
{225a2fd0-2266-4bbf-b1db-b4cd7ee3b774}
{89ac12b3-2da6-423f-afdd-a755925070d9}
{3c56ddf2-a46b-4338-9dc4-bf79a6947838}
{4aec95dd-4720-4b7b-9032-c53c71c69531}
{19efb4dd-72e6-4e76-9814-9185f0cebe1a}
{a73d9f4d-dff4-47ff-ad33-1747dc74faf8}
{58c16ee9-4ac8-466c-b8ac-5d8b019945f3}
{a88f8f80-e2f4-4357-9f85-d49fcc22662e}
{a623f590-df10-4f74-a281-27457212e744}
{14df2d69-1ca8-4e68-8289-23816420eebe}
{7789cecb-ccd2-4a7f-a75b-8d0243ab68b8}
{0e2b182e-05c6-4830-9d20-b402c5598e55}
{fd03573a-9361-4f90-9c60-be6013ebfb8e}
{5ae01022-7989-4620-b46e-7ba5859e20d3}
{d3ced839-59e1-4389-8631-a9f153187990}
{07d66467-bc14-433c-84d7-905e8d2f550f}
{3019ef01-bffd-45cf-8cd1-46f6c56cdda4}
{1f0c9873-0598-4132-b20a-f0ab42c5c8a3}
{b955bec7-392d-4074-bac8-60c6d1f402f5}
{9f45dcf0-549e-4f15-a0ad-99ac2821fd8d}
{16d5d1cf-0aef-4adf-99ce-214eb32d38fa}
{b38602ca-4ac6-40b1-b20c-55828f514b3d}
{55318007-10db-4d47-b4df-3946ed3653af}
{cd2d96b3-e8ec-4ef9-95ba-72ee0dae011a}
{b8250196-9419-4b06-9634-48f6c3570b53}
{2a738b9e-5147-4441-91cd-e40a1ef50a27}
{777580ee-50ee-4c37-98a9-844111149404}
{a44f69d9-9c70-4b33-9502-b19e79399e3c}
{2e6daca8-d5b4-4611-bd81-b964ab97bee8}
{6fda5ac5-a41f-4905-a5c0-860313ab535b}
{d51b14e2-4c5f-4601-b2b6-af8b572171cc}
{dc5b9553-f925-43c5-936a-fd9ff0e56e47}
{b0d8908e-ac38-473b-b20f-3a8d775c23f9}
{d96abf04-438b-45a6-b6ec-3036124b5458}
{469003fe-c00d-45db-82b7-c04635c227e9}
{7d04eb8b-023a-4966-b6b9-06c706081d74}
{41987721-6948-46f5-9e68-bcaf776e35ea}
{127f13e3-f58a-44f6-bff8-955dd3688448}
{09c02fc4-4a23-43c4-b1ad-854a3e1e6a29}
{d061e0a3-7554-4a78-b7cf-e3f57df09b00}
{28e445aa-892e-42e3-a0f1-30ab0ebba44c}
{bc158e4c-6514-4b0e-9da4-6018326fe634}
{fde60598-cfe6-4e9c-9f7a-28ea348a7f09}
{a7addae9-82ab-4d91-a2b9-be373207bd9b}
{71cc8c13-7aab-49d4-a419-b6e2880daaf0}
{9a43f082-11c5-4062-bbad-04b63e6ed433}
{19cdad5d-2a97-46b4-ba28-3a191d18b174}
{99ee7e8c-61c2-4ffc-8f7a-c70c0bd4f1f9}
{47706cc2-917e-4a2d-aba1-ee5c05613e0d}
{a1a40297-cfac-455a-ad94-ef20eda2672a}
{d807c94c-fbd3-48b7-9c07-a54336ace9f3}
{0645230a-9e65-4a9d-ae90-97416f33f29d}
{064d021b-9424-4700-b550-80c7a983c240}
{59722380-31f0-4588-ac19-670f021cd67b}
{0f504621-b4e1-4d5b-89dc-b57399b10c29}
{ba135229-de15-41d9-8a35-fd198698fda4}
{2117ec43-2df6-4bf2-a468-f067ea721432}
{fd3fa8d5-be30-4e57-ba9e-ad11d0f70c41}
{cb8e0410-17e0-4866-8075-b3224d52ea6b}
{dff54861-9936-440e-94a0-92d39794be5c}
{72c03815-0ef1-427f-b577-9c73bd19a7ca}
{f13a447c-857b-4d93-a5cd-cb2578ede3d9}
{8717ef97-76f5-4729-8a94-1ce396c0d2e9}
{5e192df0-d31d-42b7-b866-155068118d2a}
{d9238c4c-4259-4c0a-92c5-d03006959c1b}
{95716b5d-ce17-4a97-9691-40f62291649e}
{a0f9afee-bc26-4fa9-a1df-c705ad21cc94}
{8f02a7c1-c6a1-4d3c-923a-59bd7e373205}
{2452d750-d1dd-4cef-be51-3cc75f7a62d7}
{e077a5e8-62c9-41a6-8427-10445a3d7818}
{1685d632-1737-4bae-83a4-b0df6541f187}
Assignee: nobody → philipp
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
Assignee | |
Comment 5•5 years ago
|
||
The block has been staged. Stuart, can you review and push?
Flags: needinfo?(scolville)
|
||
Comment 6•5 years ago
|
||
Done.
Group: blocklist-requests
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Flags: needinfo?(scolville)
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•