Blocklist all versions of Mozilla Sniffer

RESOLVED FIXED in 5.11.4

Status

()

Toolkit
Blocklisting
P1
blocker
RESOLVED FIXED
7 years ago
2 years ago

People

(Reporter: jorgev, Assigned: morgamic)

Tracking

unspecified
5.11.4
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [qa-], URL)

(Reporter)

Description

7 years ago
The Mozilla Sniffer add-on (176005) has been found to be insecure to use and must be blocklisted at once. It is currently disabled on AMO and has about 266 active daily users.
GUID is {E8E88AB0-7182-11DF-904E-6045E0D72085}
Assignee: nobody → morgamic
(Assignee)

Updated

7 years ago
Status: NEW → ASSIGNED
(Assignee)

Comment 2

7 years ago
Admin panel was generating errors so I filed bug 578125.

Query is INSERT INTO `remora`.`blitems` ( `guid` ) VALUES ( '{E8E88AB0-7182-11DF-904E-6045E0D72085}' );

I'll put it on the blocklist page later.  Is there a bug we can reference that describes the issues you are talking about?  Usually I link to that originating bug.
(Assignee)

Updated

7 years ago
Depends on: 578131
I forwarded you the email, there wasn't a bug.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
(Assignee)

Comment 4

7 years ago
I'm going to opt to not publish this on mozilla.com.  It has a small following and isn't announcement worthy.  Mostly, blocking "Mozilla Sniffer" isn't newsworthy since it's just sounds bad to begin with.
Whiteboard: [qa-]
(In reply to comment #4)
> I'm going to opt to not publish this on mozilla.com.  It has a small following
> and isn't announcement worthy.  Mostly, blocking "Mozilla Sniffer" isn't
> newsworthy since it's just sounds bad to begin with.

I think we should inform users who were using this add-on. Users data was exposed and they need to make changes to keep themselves safe.

As far as I know the only way to do this is via the blocklist page on mozilla.com. If we aren't using that are there other ways to communicate with them?
(In reply to comment #5)
> I think we should inform users who were using this add-on. Users data was
> exposed and they need to make changes to keep themselves safe.
> 
> As far as I know the only way to do this is via the blocklist page on
> mozilla.com. If we aren't using that are there other ways to communicate with
> them?

We're going to be blogging about it. A draft of the blog post is being passed around now among the various involved parties.
(Assignee)

Comment 7

7 years ago
Up to you guys -- it looks weird in the current list...

I'd like to have the blocklist page point to the blog post since this bug isn't really informative as far as they why.

Not having additional information to point to (originating bug with reasoning) was the main reason why I didn't post it on mozilla.com.  I think that'd be pretty weak.

So maybe once the blog post exists so people can understand more we can post it -- sounds fine w/ me.
(Assignee)

Comment 8

7 years ago
Err... "as far as the why"
(In reply to comment #6)
> We're going to be blogging about it. A draft of the blog post is being passed
> around now among the various involved parties.

Cool, thanks for the update.
(Reporter)

Comment 10

7 years ago
Here's the post for both CoolPreviews and Mozilla Sniffer: http://blog.mozilla.com/addons/2010/07/13/add-on-security-announcement/
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.