Closed
Bug 721646
Opened 13 years ago
Closed 13 years ago
Malicious "Plugin Video" Add-on
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: mhammell, Assigned: jorgev)
References
Details
Attachments
(1 file)
|
41.19 KB,
text/plain
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7
Steps to reproduce:
Downloaded http://123buzzbuzz.free[.]fr/content.xpi
Actual results:
Add-on name "Plugin Video"
Add-on homepage http://123buzzbuzz.free.fr
Addon contains youtube.js, which injects <script> to load http://123buzzbuzz.free.fr/g.js
g.js injects <script> to load http://123buzzbuzz.free.fr/yeah.js
yeah.js does the following
steals the user's Facebook cookies / tokens
grabs their friends list
likes one of the following Facebook pages with ids "170270043065994","125634380874892","146184075465813","152559774839890","274266539251303","290925474288531","316272665054709"
spams one from a set of text / bit.ly URL combos onto the user's wall
all of the bit.ly URLs redirect to wholesale44.free.fr domain
it then posts one of the same msg / URL pairs to the Facebook open graph
Expected results:
It should not steal cookies from the user's Facebook session and send messages to the user's friends without their consent.
|
Assignee | |
Comment 1•13 years ago
|
||
|
|
Assignee | |
Updated•13 years ago
|
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
Assignee | |
Comment 2•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
||
Updated•9 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•