Last Comment Bug 541302 - Blocklist malicious "Internal security options editor" extension
: Blocklist malicious "Internal security options editor" extension
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
-- blocker (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
: Jorge Villalobos [:jorgev]
Depends on:
  Show dependency treegraph
Reported: 2010-01-21 20:23 PST by Matthew Middleton (:zzxc)
Modified: 2016-03-07 15:30 PST (History)
7 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description User image Matthew Middleton (:zzxc) 2010-01-21 20:23:06 PST
Created attachment 422911 [details]
Copy of the extension, obtained from a user's global extensions folder

Several users today in Live Chat reported having an extension that is redirecting websites (,, and anything with 'search' in the url) to malicious sites.  I got a copy of the extension, which is attached to this bug.

The guid of the extension is {8CE11043-9A15-4207-A565-0C94C42D590D} , and several anti-malware programs are recognizing it as malware.  This GUID should be blocklisted for all versions of all applications.
Comment 1 User image Justin Scott [:fligtar] 2010-01-22 10:51:17 PST
morgamic, can we do this today? I confirmed the add-on hijacks all search results for Google, Yahoo, Bing, and AOL and masks itself as an "Internal security" add-on.
Comment 2 User image Michael Morgan [:morgamic] 2010-01-22 13:57:59 PST
INSERT INTO `blitems` (`guid`, `min`, `max`) VALUES
('{847b3a00-7ab1-11d4-8f02-006008948af5}', null, null);

Would have to run that on prod and that's all we have to do.
Comment 3 User image Michael Morgan [:morgamic] 2010-01-24 21:33:41 PST
Err, bad query, meant:

INSERT INTO `blitems` (`guid`, `min`, `max`) VALUES
('{8CE11043-9A15-4207-A565-0C94C42D590D}', null, null);
Comment 4 User image Michael Morgan [:morgamic] 2010-01-24 22:01:29 PST
This was pushed.  When/how should we publish the info on ?
Comment 5 User image Justin Scott [:fligtar] 2010-01-24 22:11:58 PST
We can do it whenever. Probably something like:

"Internal security" add-on, all versions for all applications. Reason: Secretly hijacks all search results in most major search engines masked as a security add-on.

Note You need to log in before you can comment on or make changes to this bug.