Malicious "Flash Player" add-on

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
RESOLVED FIXED
6 years ago
2 years ago

People

(Reporter: MarkH, Assigned: jorgev)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

4.99 KB, application/octet-stream
Details
(Reporter)

Description

6 years ago
Created attachment 606354 [details]
20120315_fb_video_update.zip

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.79 Safari/535.11

Steps to reproduce:

Downloaded the add-on from http://vidsforeveryone472.com/x/FacebookVideoUpdate.xpi


Actual results:

The add-on uses the contained, obfuscated, JS file "s.js" to harvest all of your Facebook cookies and post them to a 3rd party server.

Those cookies can be, and are being, used to hijack the user's account and spam Facebook users from their own servers.



Expected results:

It shouldn't steal your Facebook cookies and send them to a third-party server.
(Assignee)

Comment 1

6 years ago
ID: a1g0a9g219d@a1.com
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
(Assignee)

Comment 2

6 years ago
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i73
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Comment 3

6 years ago
another one... kindly block this one too.

http://updates.fasttrackonlinesurveys.com/x/FacebookVideoUpdate.xpi
(Assignee)

Comment 4

6 years ago
(In reply to McDillan from comment #3)
> another one... kindly block this one too.
> 
> http://updates.fasttrackonlinesurveys.com/x/FacebookVideoUpdate.xpi

That add-on was already blocked on bug 736275.
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.