Closed
Bug 610972
Opened 15 years ago
Closed 15 years ago
AMO User ycubed is claiming 4 add-ons (including Firebug) as his own
Categories
(addons.mozilla.org :: Security, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
5.12.3
People
(Reporter: KenSaunders, Assigned: jorgev)
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:2.0b8pre) Gecko/20101109 Firefox/4.0b8pre
Build Identifier: Mozilla/5.0 (Windows NT 6.0; rv:2.0b8pre) Gecko/20101109 Firefox/4.0b8pre
ycubed user/5536359, signed up to AMO 3 days ago (November 7, 2010) and is claiming to have developed the following add-ons.
Firebug
Stylish
FoxTab
DownThemAll!
I have not looked at the XPIs because quite frankly, I wouldn't know what to look for, but the last time that I reported something very similar to this, the AMO member was adding some extra JS to already existing add-ons that were developed by others. He was eventually banned, and I believe that what he added did pose a security risk to end users (don't quote me on that).
This may be the same situation, which is why I'm filing this bug.
Sorry that I don't have more specifics and someone else will have to do the leg work on this.
Reproducible: Always
Steps to Reproduce:
Visit https://addons.mozilla.org/en-US/firefox/user/5536359/
Actual Results:
Harmful code MAY have been added to add-ons.
AMO member claiming other developers' works as his own.
Expected Results:
Smarter people on the planet
Comment 1•15 years ago
Thanks Ken. I disabled the user account and the add-ons. I'm assigning the bug to jorge so he can look at the files.
We already have plans to prevent duplicate add-on names and change the review process, so I think we'll be protected from this soonish.
Assignee: nobody → jorge
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•15 years ago
Jeff or Ken: can any of you give me the ids or URLs of the disabled add-ons? Thanks.
Comment 3•15 years ago
mysql> select addon_id from addons_users where user_id=5536359;
+----------+
| addon_id |
+----------+
|   252512 |
|   252513 |
|   252552 |
|   252554 |
+----------+
Comment 4•15 years ago
I ran diffs for all 4 add-ons against their originals, and the difference is minimal. The developer basically replaced the add-on id on every place he found it and then added a script called noAds.js in the main overlay. The script is based (apparently) on the NoAds add-on, but I didn't see any resemblance, at least with the latest version.
Looking at the script, it doesn't appear to be dangerous for the user in any way. It looks for Google Ads iframes and replaces them with its own, from http://ourforum.sourceforge.net/sda.php, which also appear to be Google ads. The developer was trying to use these add-ons to increase his ad revenue, apparently.
Since the add-ons have been disabled, and they have dismal usage stats, I think this can be resolved as fixed with nothing more to do.
Thank you, Ken!
Status: NEW → RESOLVED
Closed: 15 years ago
Priority: -- → P3
Resolution: --- → FIXED
Target Milestone: --- → 5.12.3
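The comparison described in comment 4, as an added example that is not part of the original bug and not AMO's own tooling: it compares a suspect XPI with the original and separates files that differ only by the replaced add-on id from files that were added or otherwise modified. The add-on ids, file contents and the helper names (`read_xpi`, `compare_xpi`, `make_xpi`) are constructed for illustration; only the name noAds.js comes from the bug.

```python
import io
import zipfile

def read_xpi(data: bytes) -> dict:
    """Return {member path: bytes} for an XPI, which is a ZIP archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {n: zf.read(n) for n in zf.namelist() if not n.endswith("/")}

def compare_xpi(original: bytes, suspect: bytes, orig_id: str, new_id: str) -> dict:
    """Classify every file that differs between the two packages."""
    a, b = read_xpi(original), read_xpi(suspect)
    report = {"added": [], "removed": [], "id_only": [], "modified": []}
    for name in sorted(set(a) | set(b)):
        if name not in a:
            report["added"].append(name)
        elif name not in b:
            report["removed"].append(name)
        elif a[name] != b[name]:
            # Undo the id substitution; whatever still differs needs reading.
            normalised = b[name].replace(new_id.encode(), orig_id.encode())
            key = "id_only" if normalised == a[name] else "modified"
            report[key].append(name)
    return report

def make_xpi(files: dict) -> bytes:
    """Build an in-memory XPI from {path: text} (used for the sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()

# Constructed sample packages; ids and contents are placeholders.
ORIG_ID, NEW_ID = "original@example.invalid", "copy@example.invalid"
ORIGINAL = make_xpi({
    "install.rdf": f"<em:id>{ORIG_ID}</em:id>",
    "chrome/content/overlay.xul": '<overlay><script src="main.js"/></overlay>',
    "chrome/content/main.js": "// main",
})
SUSPECT = make_xpi({
    "install.rdf": f"<em:id>{NEW_ID}</em:id>",
    "chrome/content/overlay.xul": '<overlay><script src="main.js"/><script src="noAds.js"/></overlay>',
    "chrome/content/main.js": "// main",
    "chrome/content/noAds.js": "// added script",
})

if __name__ == "__main__":
    for kind, names in compare_xpi(ORIGINAL, SUSPECT, ORIG_ID, NEW_ID).items():
        print(kind, names)
```

The `added` and `modified` lists are the files a reviewer still has to read by hand; `id_only` entries can be skimmed.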