Closed
Bug 766852
Opened 13 years ago
Closed 13 years ago
Malicious "Aplicativo" add-on
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: mhammell, Assigned: jorgev)
Details
Attachments
(1 file)
|
28.14 KB,
application/octet-stream
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
Steps to reproduce:
Installed "credito.xpi"
Actual results:
On each page load:
Injects some JS via toolbarOverlay.xul in the FF add-on:
http://64.31.12.85/~juninba1/Creditos/oi2.js
oi2.js:
injects the contents of http://64.31.12.85/~juninba1/Creditos/lol.txt as a
<script> tag
lol.txt:
spams out "Eu nunca mais pago por SMS e TORPEDO CURTE AI ASUHAUHSHAUS >>
http://www.facebook.com/pages/"+Math.floor((Math.random()*100)+1)+"/3093858
85808050?sk=app_139478552796147"
has the victim like a Facebook page
Expected results:
It shouldn't access your Facebook session and post repeatedly as you, without your consent.
|
Assignee | |
Comment 1•13 years ago
|
||
Id: {28bfb930-7620-11e1-b0c4-0800200c9a66}
Assignee: nobody → jorge
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
|
Assignee | |
Comment 2•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
||
Comment 3•13 years ago
|
||
is there any way how i can get this unplugged??i have been having trouble with my facebook game apps and i think this is the problem
|
|
Assignee | |
Comment 4•12 years ago
|
||
(In reply to gina_te01@yahoo.com from comment #3)
> is there any way how i can get this unplugged??i have been having trouble
> with my facebook game apps and i think this is the problem
Please visit our support site for problem resolutions: http://support.mozilla.com/.
|
||
Updated•9 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•