Malicious "Facebook!" add-on

RESOLVED FIXED

Status

addons.mozilla.org
Security
5 years ago
5 years ago

People

(Reporter: MarkH, Assigned: jorgev)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

58.72 KB, application/octet-stream
(Reporter)

Description

5 years ago
Created attachment 595847
20120208 Facebook theme.zip

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.46 Safari/535.11

Steps to reproduce:

Downloaded the XPI from http://stalkers.jiteshkakkar.com/install.xpi

Actual results:

After install, it injects youtube.js from the add-on, which is packed, to inject http://stalkers.jiteshkakkar.com/script.php

script.php is JS, which steals your Facebook cookies, grabs your friends list and has you share a link to http://stalkers.jiteshkakkar.com/video.php?<uid> to your wall.


Expected results:

It shouldn't steal your cookies and post messages to Facebook without your permission.
Assignee: nobody → jorge
Component: Blocklisting → Add-on Security
QA Contact: blocklisting → security
(Assignee)

Comment 1

5 years ago
em:id="royal@facebook.com"
em:creator="Mark" :P
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
(Assignee)

Comment 2

5 years ago
https://addons.mozilla.org/en-US/firefox/blocked/i64
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
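
A triage sketch for the pattern this report describes, added here as an example and not taken from the report or from Mozilla's tooling: it opens an XPI as a zip archive and flags an install.rdf em:id that borrows a well-known domain (as in Comment 1) and JavaScript that carries a packer stub or sets a remote script source. The regexes, the watch list, the chrome/content/ paths and the reading of "packed" as the common eval(function(p,a,c,k,e,d) packer are assumptions of this example; the report does not say which packer was used.

```python
import io
import re
import zipfile

# Heuristics assumed for this example; they are not AMO's review rules.
PACKER_STUB = re.compile(r"eval\(function\(p,a,c,k,e,[dr]\)")
REMOTE_SCRIPT = re.compile(r"""\.src\s*=\s*["']https?://""")
EM_ID = re.compile(r"""em:id\s*=\s*"([^"]+)"|<em:id>\s*([^<\s]+)\s*</em:id>""")
WATCHED_DOMAINS = {"facebook.com", "youtube.com"}  # constructed watch list


def triage_xpi(data):
    """Return sorted (file, finding) pairs for the XPI archive bytes in data."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as xpi:
        for name in xpi.namelist():
            text = xpi.read(name).decode("utf-8", errors="replace")
            if name == "install.rdf":
                for match in EM_ID.finditer(text):
                    addon_id = match.group(1) or match.group(2)
                    # A GUID-style id has no "@", so it never matches the list.
                    domain = addon_id.rpartition("@")[2].lower()
                    if domain in WATCHED_DOMAINS:
                        findings.add((name, "id claims " + domain))
            elif name.endswith(".js"):
                if PACKER_STUB.search(text):
                    findings.add((name, "packed script"))
                if REMOTE_SCRIPT.search(text):
                    findings.add((name, "remote script source"))
    return sorted(findings)


def make_xpi(files):
    """Build an XPI (a zip archive) in memory from {path: text}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as xpi:
        for path, text in files.items():
            xpi.writestr(path, text)
    return buf.getvalue()

# Constructed samples: only the em:id, em:creator and the name youtube.js
# come from the report; paths and file contents are made up and inert.
SUSPECT = make_xpi({
    "install.rdf": '<Description em:id="royal@facebook.com" em:creator="Mark"/>',
    "chrome/content/youtube.js": "eval(function(p,a,c,k,e,d){return p}('0',1,1,[''],0,{}))",
})
CLEAN = make_xpi({
    "install.rdf": "<em:id>sample-theme@example.org</em:id>",
    "chrome/content/theme.js": "var themeName = 'blue';",
})
```

Calling triage_xpi(SUSPECT) reports the packed youtube.js and the facebook.com id, while triage_xpi(CLEAN) returns an empty list.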