Closed Bug 714221 Opened 14 years ago Closed 14 years ago

Malicious "Youtube Speed UP!" Add-On

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mhammell, Assigned: fligtar)

Details

Attached file youtube.xpi
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7 Steps to reproduce: A malicious add-on, named "Youtube Speed UP!" is being served to Facebook users via a fake YouTube page. The add-on sends spam to a user's Facebook friends by stealing their browser cookies. This is similar to the "Free Cheesecake Factory" add-on we reported last week. Actual results: Installed add-on, spam sent from the victim's Facebook account. Expected results: No spam.
Blocked in prod. Thanks. guid: admin@youtubespeedup.com
Assignee: nobody → fligtar
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Component: Add-on Security → Blocklisting
QA Contact: security → blocklisting
Resolution: --- → FIXED
FYI, as of yesterday this add-on had 558 users. It first appeared in the wild 3 days ago.
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.