The default bug view has changed. See this FAQ.

Malicious "Youtube Speed UP!" Add-On

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
RESOLVED FIXED
5 years ago
a year ago

People

(Reporter: MarkH, Assigned: fligtar)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
Created attachment 584906 [details]
youtube.xpi

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7

Steps to reproduce:

A malicious add-on, named "Youtube Speed UP!" is being served to Facebook users via a fake YouTube page.  The add-on sends spam to a user's Facebook friends by stealing their browser cookies.

This is similar to the "Free Cheesecake Factory" add-on we reported last week.


Actual results:

Installed add-on, spam sent from the victim's Facebook account.


Expected results:

No spam.
(Assignee)

Comment 1

5 years ago
Blocked in prod. Thanks.

guid: admin@youtubespeedup.com
Assignee: nobody → fligtar
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Component: Add-on Security → Blocklisting
QA Contact: security → blocklisting
Resolution: --- → FIXED
(Assignee)

Comment 2

5 years ago
FYI, as of yesterday this add-on had 558 users. It first appeared in the wild 3 days ago.
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.