Closed Bug 759950 Opened 13 years ago Closed 13 years ago

Blocklist malicious "abusable.net" add-on

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:

Component:

Type:

defect

Priority:

Not set

Severity:

normal

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: jorgev, Assigned: jorgev)

Details

Jorge Villalobos [:jorgev] (he/him)

Assignee

Description

•

13 years ago

What I did? Downloaded add-on from http://abusable.net/x/video.php?56473456456 What happened? DL URLs: FF - http://abusable.net/x/video.php?id=1 Analysis: Loads JS from the add-on Calls out to the following URLs (both return the same data) http://juyh12.me/j.php http://kmjh78.asia/j.php juyh12.me/j.php and kmjh78.asia/j.php: injects http://juyh12.me/js_f.php?v=tg0002 a library of functions to: grab a user's Facebook or Tagged session details solve captchas via http://mp56a.com/fn/cs/api/s_c.php?u send log data to http://juyh12.me/ss.php?r post to Facebook and Tagged js_f.php: same code as j.php What should have happened? It shouldn't steal your Facebook session information and post as a user without their consent.

Jorge Villalobos [:jorgev] (he/him)

Assignee

Comment 1

•

13 years ago

Id: pfzPXmnzQRXX6@2iABkVe.com

Status: NEW → ASSIGNED

Jorge Villalobos [:jorgev] (he/him)

Assignee

Comment 2

•

13 years ago

Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i99

Status: ASSIGNED → RESOLVED

Closed: 13 years ago

Resolution: --- → FIXED

Nobody; OK to take it and work on it

Updated

•

9 years ago

Product: addons.mozilla.org → Toolkit

You need to log in before you can comment on or make changes to this bug.