Closed Bug 541302 Opened 15 years ago Closed 14 years ago

Blocklist malicious "Internal security options editor" extension

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: zzxc, Unassigned)

Details

Several users today in Live Chat reported having an extension that is redirecting websites (google.com, bing.com, and anything with 'search' in the url) to malicious sites.  I got a copy of the extension, which is attached to this bug.

The guid of the extension is {8CE11043-9A15-4207-A565-0C94C42D590D} , and several anti-malware programs are recognizing it as malware.  This GUID should be blocklisted for all versions of all applications.
morgamic, can we do this today? I confirmed the add-on hijacks all search results for Google, Yahoo, Bing, and AOL and masks itself as an "Internal security" add-on.
Severity: major → blocker
INSERT INTO `blitems` (`guid`, `min`, `max`) VALUES
('{847b3a00-7ab1-11d4-8f02-006008948af5}', null, null);

Would have to run that on prod and that's all we have to do.
Err, bad query, meant:

INSERT INTO `blitems` (`guid`, `min`, `max`) VALUES
('{8CE11043-9A15-4207-A565-0C94C42D590D}', null, null);
This was pushed.  When/how should we publish the mozilla.com info on http://www.mozilla.com/en-US/blocklist/ ?
We can do it whenever. Probably something like:

"Internal security" add-on, all versions for all applications. Reason: Secretly hijacks all search results in most major search engines masked as a security add-on.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Group: client-services-security
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.