Last Comment Bug 755635 - Malicious "Zaman Tuneli Kadir!" add-on
: Malicious "Zaman Tuneli Kadir!" add-on
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
-- normal (vote)
: ---
Assigned To: Jorge Villalobos [:jorgev]
: Jorge Villalobos [:jorgev]
Depends on:
  Show dependency treegraph
Reported: 2012-05-15 23:26 PDT by MarkH
Modified: 2016-03-07 15:30 PST (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Attachments (password 'infected') (11.97 KB, application/octet-stream)
2012-05-15 23:26 PDT, MarkH
no flags Details

Description User image MarkH 2012-05-15 23:26:05 PDT
Created attachment 624307 [details] (password 'infected')

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5

Steps to reproduce:

Downloaded add-on from

Actual results:

Add-on injects http(s):// which, provided your referrer is set to Facebook, injects an iframe loading  http://www.zamantunelinikaldir/.com/onFrame.html

After the iframe loads, the user's Facebook session tokens are stolen and posted to the page loaded in the iframe.  Those stolen tokens are then used to spam Facebook.

Expected results:

It should not steal your session tokens and post them to a 3rd party server.
Comment 1 User image Jorge Villalobos [:jorgev] 2012-05-16 09:57:35 PDT
Id: {68b8676b-99a5-46d1-b390-22411d8bcd61}
Comment 2 User image Jorge Villalobos [:jorgev] 2012-05-16 10:45:12 PDT

Note You need to log in before you can comment on or make changes to this bug.