Created attachment 595847
20120208 Facebook theme.zip
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.46 Safari/535.11
Steps to reproduce:
Downloaded the XPI from
After install, it injects youtube.js from the add-on, which is packed, to inject
script.php is JS, which steals your Facebook cookies, grabs your friends list and has you share a link to http://stalkers.jiteshkakkar.com/video.php?<uid> to your wall.
It shouldn't steal your cookies and post messages to Facebook without your permission.