Closed
Bug 759663
Opened 13 years ago
Closed 13 years ago
Malicious 'Youtube Video Player' Add-on
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: mhammell, Assigned: jorgev)
Details
Attachments
(1 file)
|
28.89 KB,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5
Steps to reproduce:
Downloaded add-on from http://amasave.com/function.xpi
Actual results:
Plugin injects javascript into the Facebook DOM, which injects http://amasave.com/script.js.
script.js injects
http://beessaal.info/new/extra.js
extra.js
injects spam to promote http://facebooooooks.blogspot.com/
an iframe to http://hosting-libero.com/upload/206101214555index.html
and injects the following:
http://beessaal.info/new/function.js http://beessaal.info/new/function1.js http://beessaal.info/new/love.js
function.js:
injects http://beessaal.info/new/redirect.js
love.js:
Injects http://beessaal.info/new/usa.js, if the victim is in Pakistan
usa.js:
harvests Facebook user's session tokens
sends spam to a Facebook user's friends
redirect.js:
if the victim is in one of 11 countries, it injects http://beessaal.info/new/redirect2.js
redirect2.js:
redirects the user to http://youtoboos.blogspot.com/
Expected results:
It should not steal your Facebook session tokens and use them to spam your friends, without your consent.
|
Assignee | |
Comment 1•13 years ago
|
||
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
Assignee | |
Comment 2•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
||
Updated•9 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•