Blocklist malicious "Internal security options editor" extension

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
--
blocker
RESOLVED FIXED
7 years ago
a year ago

People

(Reporter: zzxc, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

7 years ago
Created attachment 422911 [details]
Copy of the extension, obtained from a user's global extensions folder

Several users today in Live Chat reported having an extension that is redirecting websites (google.com, bing.com, and anything with 'search' in the url) to malicious sites.  I got a copy of the extension, which is attached to this bug.

The guid of the extension is {8CE11043-9A15-4207-A565-0C94C42D590D} , and several anti-malware programs are recognizing it as malware.  This GUID should be blocklisted for all versions of all applications.
morgamic, can we do this today? I confirmed the add-on hijacks all search results for Google, Yahoo, Bing, and AOL and masks itself as an "Internal security" add-on.
Severity: major → blocker
INSERT INTO `blitems` (`guid`, `min`, `max`) VALUES
('{847b3a00-7ab1-11d4-8f02-006008948af5}', null, null);

Would have to run that on prod and that's all we have to do.
Err, bad query, meant:

INSERT INTO `blitems` (`guid`, `min`, `max`) VALUES
('{8CE11043-9A15-4207-A565-0C94C42D590D}', null, null);
This was pushed.  When/how should we publish the mozilla.com info on http://www.mozilla.com/en-US/blocklist/ ?
We can do it whenever. Probably something like:

"Internal security" add-on, all versions for all applications. Reason: Secretly hijacks all search results in most major search engines masked as a security add-on.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Group: client-services-security
(Assignee)

Updated

a year ago
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.