Malicious "Zaman Tuneli Kadir!" add-on

RESOLVED FIXED

Status

Toolkit
Blocklisting
5 years ago
a year ago

People

(Reporter: MarkH, Assigned: jorgev)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
Created attachment 624307 [details]
20120515_zaman.zip (password 'infected')

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5

Steps to reproduce:

Downloaded add-on from http://zamantunelinikaldir.com/


Actual results:

Add-on injects http(s)://www.zamantunelinikaldir.com/timelineremove.js which, provided your referrer is set to Facebook, injects an iframe loading http://www.zamantunelinikaldir/.com/onFrame.html

After the iframe loads, the user's Facebook session tokens are stolen and posted to the page loaded in the iframe. Those stolen tokens are then used to spam Facebook.


Expected results:

It should not steal your session tokens and post them to a 3rd party server.
(Assignee)

Comment 1

5 years ago
Id: {68b8676b-99a5-46d1-b390-22411d8bcd61}
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
(Assignee)

Comment 2

5 years ago
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i93
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → Toolkit