Last Comment Bug 779014 - Blocklist malicious "Adobe Flash Player 12.4.0" extension
: Blocklist malicious "Adobe Flash Player 12.4.0" extension
Status: RESOLVED FIXED
:
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: Jorge Villalobos [:jorgev]
: juan becerra [:juanb]
Mentors:
http://www.peliculas-flv.com/
: 1054523 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-30 18:25 PDT by Jorge Villalobos [:jorgev]
Modified: 2016-03-07 15:30 PST (History)
10 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Contenido del XPI comprimido (6.84 KB, application/octet-stream)
2012-07-30 19:32 PDT, MendlerPB
no flags Details
XPI file to block (6.84 KB, application/x-xpinstall)
2012-07-30 20:00 PDT, Jorge Villalobos [:jorgev]
no flags Details

Description Jorge Villalobos [:jorgev] 2012-07-30 18:25:40 PDT
I've received multiple reports about this add-on. It is distributed at http://www.peliculas-flv.com/ (currently down), and it tries to pass as a Flash Player installer. This add-on is using obfuscated remote scripts to conduct DDOS attacks against other video sites.

The add-on id is {ec8030f7-c20a-464f-9b0e-13a3a9e97384}, which is the same ID as Firefox. I don't think this should be a problem, but I need QA to make sure.
Comment 1 Jorge Villalobos [:jorgev] 2012-07-30 18:31:55 PDT
The add-on is blocked on staging: https://addons-dev.allizom.org/en-US/firefox/blocked/i113

QA, please verify that the block works correctly once I post the XPI file.
Comment 2 MendlerPB 2012-07-30 19:32:27 PDT
Created attachment 647406 [details]
Contenido del XPI comprimido
Comment 3 Jorge Villalobos [:jorgev] 2012-07-30 20:00:26 PDT
Created attachment 647413 [details]
XPI file to block

I'm blocking this ID for all versions because people shouldn't be using the Firefox ID for their add-ons anyway.
Comment 4 Jorge Villalobos [:jorgev] 2012-08-01 13:55:28 PDT
We tested the staged block ourselves and it appears to be working correctly.

The block is now live in prod: https://addons.mozilla.org/en-US/firefox/blocked/i115
Comment 5 MendlerPB 2012-08-01 16:43:21 PDT
No me queda nada más que decir que muchas gracias a todo equipo de Mozilla por habernos escuchado y tomado en cuenta nuestras quejas. A seguir usando el mejor navegador de todo y el más seguro.
Comment 6 Francesco Lodolo [:flod] - OFFLINE Jun 26-Jul 3 2012-08-02 03:26:49 PDT
I think that this block is going to stop a lot of "messed-up" add-ons (I've just found another one that uses the same ID of Firefox as the add-on id).
Comment 7 juan becerra [:juanb] 2012-08-02 14:15:26 PDT
I've verified this in production. I've tested this by installing the XPI attached in this bug, installing the Timer Fire 1.6 extension, restarting, and firing the blocklist timer. When I fire the timer I get a dialog prompting me to restart Firefox indicating it has blocked the extension in question. When I restart it is disabled.
Comment 8 brichter 2012-08-12 18:00:31 PDT
Hey guys, you also blocked the valid Adobe Flash plugin needed for virtually every website that carries video content... Who tests this stuff anyway?

We all know Adobe hasn't released Flash 12.4 yet, the version you're blocking isn't limited to 12.4... You're also blocking the legit version 11.3., and I'm on a Mac, not a Winblows box.
Comment 9 Jorge Villalobos [:jorgev] 2012-08-13 08:04:43 PDT
No, we didn't block the Flash plugin with this block. This a malicious extension that uses the Adobe Flash name, but uses an id that has nothing to do with Adobe.

I recommend that you go to our support site for help with this: http://support.mozilla.com/
Comment 10 ganesha.rajanaidu 2012-08-28 03:20:48 PDT
I have just switched back to Firefox (from Chrome) and I believe think this blacklist has just blocked a legitimate add-on which I actively use for http://www.monsterdivx.com/

Please investigate.
Comment 11 ganesha.rajanaidu 2012-08-28 03:21:15 PDT
Please re-open ticket.
Comment 12 Jorge Villalobos [:jorgev] 2012-08-28 09:50:01 PDT
I don't know if the add-on distributed on that website is the same being blocked here. However, as noted in comment #0, the id corresponds to the Firefox application id, which is wrong for any add-on to use. You can contact the owners of that website and let them know that they need to use a different id for their add-on.
Comment 13 Jorge Villalobos [:jorgev] 2014-08-21 12:23:33 PDT
*** Bug 1054523 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.