Bug 578085 - Blocklist all versions of Mozilla Sniffer
Status: RESOLVED FIXED
[qa-]
Product: Toolkit
Classification: Components
Component: Blocklisting
: unspecified
: All All
: P1 blocker
: 5.11.4
Assigned To: Michael Morgan [:morgamic]
: Jorge Villalobos [:jorgev]
https://addons.mozilla.org/en-US/fire...
Depends on: 578131
Reported: 2010-07-12 10:35 PDT by Jorge Villalobos [:jorgev]
Modified: 2016-03-07 15:30 PST

Description Jorge Villalobos [:jorgev] 2010-07-12 10:35:15 PDT
The Mozilla Sniffer add-on (176005) has been found to be insecure to use and must be blocklisted at once. It is currently disabled on AMO and has about 266 active daily users.
Comment 1 Wil Clouser [:clouserw] 2010-07-12 10:39:39 PDT
GUID is {E8E88AB0-7182-11DF-904E-6045E0D72085}
Comment 2 Michael Morgan [:morgamic] 2010-07-12 12:12:06 PDT
Admin panel was generating errors so I filed bug 578125.

Query is INSERT INTO `remora`.`blitems` ( `guid` ) VALUES ( '{E8E88AB0-7182-11DF-904E-6045E0D72085}' );

I'll put it on the blocklist page later.  Is there a bug we can reference that describes the issues you are talking about?  Usually I link to that originating bug.
Comment 3 Wil Clouser [:clouserw] 2010-07-12 12:30:02 PDT
I forwarded you the email, there wasn't a bug.
Comment 4 Michael Morgan [:morgamic] 2010-07-12 14:12:37 PDT
I'm going to opt to not publish this on mozilla.com.  It has a small following and isn't announcement worthy.  Mostly, blocking "Mozilla Sniffer" isn't newsworthy since it just sounds bad to begin with.
Comment 5 Ryan Doherty (:rdoherty) 2010-07-12 17:17:53 PDT
(In reply to comment #4)
> I'm going to opt to not publish this on mozilla.com.  It has a small following
> and isn't announcement worthy.  Mostly, blocking "Mozilla Sniffer" isn't
> newsworthy since it just sounds bad to begin with.

I think we should inform users who were using this add-on. Users' data was exposed and they need to make changes to keep themselves safe.

As far as I know, the only way to do this is via the blocklist page on mozilla.com. If we aren't using that, are there other ways to communicate with them?
Comment 6 Reed Loden [:reed] (use needinfo?) 2010-07-12 17:30:34 PDT
(In reply to comment #5)
> I think we should inform users who were using this add-on. Users' data was
> exposed and they need to make changes to keep themselves safe.
> 
> As far as I know, the only way to do this is via the blocklist page on
> mozilla.com. If we aren't using that, are there other ways to communicate with
> them?

We're going to be blogging about it. A draft of the blog post is being passed around now among the various involved parties.
Comment 7 Michael Morgan [:morgamic] 2010-07-12 17:35:03 PDT
Up to you guys -- it looks weird in the current list...

I'd like to have the blocklist page point to the blog post since this bug isn't really informative as far as they why.

Not having additional information to point to (originating bug with reasoning) was the main reason why I didn't post it on mozilla.com.  I think that'd be pretty weak.

So maybe once the blog post exists so people can understand more we can post it -- sounds fine w/ me.
Comment 8 Michael Morgan [:morgamic] 2010-07-12 17:35:28 PDT
Err... "as far as the why"
Comment 9 Ryan Doherty (:rdoherty) 2010-07-13 10:27:28 PDT
(In reply to comment #6)
> We're going to be blogging about it. A draft of the blog post is being passed
> around now among the various involved parties.

Cool, thanks for the update.
Comment 10 Jorge Villalobos [:jorgev] 2010-07-13 15:27:32 PDT
Here's the post for both CoolPreviews and Mozilla Sniffer: http://blog.mozilla.com/addons/2010/07/13/add-on-security-announcement/
