Created attachment 584906 [details] youtube.xpi User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7 Steps to reproduce: A malicious add-on, named "Youtube Speed UP!" is being served to Facebook users via a fake YouTube page. The add-on sends spam to a user's Facebook friends by stealing their browser cookies. This is similar to the "Free Cheesecake Factory" add-on we reported last week. Actual results: Installed add-on, spam sent from the victim's Facebook account. Expected results: No spam.
Blocked in prod. Thanks. guid: firstname.lastname@example.org
FYI, as of yesterday this add-on had 558 users. It first appeared in the wild 3 days ago.