Created attachment 591974 [details] 20120126 applebees.zip User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7 Steps to reproduce: Downloaded the "applebees.xpi" from http://appbbb/[.]info/applebees/applebees.xpi Actual results: After install, the add-on grabbed some JS from from a remote server and began stealing a Facebook user's cookies to then send likes without the user's knowledge. Expected results: The add-on should not steal the cookies from the user's settings to send messages, without their knowledge, on Facebook.com. The attached file has both the add-on and the remotely loaded JS. The password is 'infected'.