Last Comment Bug 723753 - Malicious "Video Extension" add-on
: Malicious "Video Extension" add-on
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
-- normal (vote)
: ---
Assigned To: Jorge Villalobos [:jorgev]
: Jorge Villalobos [:jorgev]
: 724669 732540 (view as bug list)
Depends on:
  Show dependency treegraph
Reported: 2012-02-02 16:03 PST by MarkH
Modified: 2016-03-07 15:30 PST (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

20120203 (32.28 KB, application/octet-stream)
2012-02-02 16:03 PST, MarkH
no flags Details

Description User image MarkH 2012-02-02 16:03:13 PST
Created attachment 593998 [details]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7

Steps to reproduce:

Downloaded an add-on from

Actual results:

Injects ->

injects as an <iframe>


steals your Facebook cookies and friends list

Sends likes for Facebook page "256388957767782"

Injects as an <iframe>

Has you post links to', '

Uses the API creds to create a custom URL for the spam.

Grabs your mobile upload address and sends it to

Spams your Facebook friends via

Geo-locates you via

Injects a img tag of fmr0hckeuh74

Expected results:

It should not steal your Facebook information and cookies to send spam to your Facebook friends without your consent.
Comment 1 User image Jorge Villalobos [:jorgev] 2012-02-02 16:28:33 PST
Comment 2 User image Jorge Villalobos [:jorgev] 2012-02-02 16:39:25 PST
Comment 3 User image Jorge Villalobos [:jorgev] 2012-02-06 14:45:06 PST
*** Bug 724669 has been marked as a duplicate of this bug. ***
Comment 4 User image Jorge Villalobos [:jorgev] 2012-03-02 12:41:00 PST
*** Bug 732540 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.