Last Comment Bug 779014 - Blocklist malicious "Adobe Flash Player 12.4.0" extension
: Blocklist malicious "Adobe Flash Player 12.4.0" extension
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
-- normal (vote)
: ---
Assigned To: Jorge Villalobos [:jorgev]
: juan becerra [:juanb]
: Jorge Villalobos [:jorgev]
: 1054523 (view as bug list)
Depends on:
  Show dependency treegraph
Reported: 2012-07-30 18:25 PDT by Jorge Villalobos [:jorgev]
Modified: 2016-03-07 15:30 PST (History)
10 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Contenido del XPI comprimido (6.84 KB, application/octet-stream)
2012-07-30 19:32 PDT, MendlerPB
no flags Details
XPI file to block (6.84 KB, application/x-xpinstall)
2012-07-30 20:00 PDT, Jorge Villalobos [:jorgev]
no flags Details

Description User image Jorge Villalobos [:jorgev] 2012-07-30 18:25:40 PDT
I've received multiple reports about this add-on. It is distributed at (currently down), and it tries to pass as a Flash Player installer. This add-on is using obfuscated remote scripts to conduct DDOS attacks against other video sites.

The add-on id is {ec8030f7-c20a-464f-9b0e-13a3a9e97384}, which is the same ID as Firefox. I don't think this should be a problem, but I need QA to make sure.
Comment 1 User image Jorge Villalobos [:jorgev] 2012-07-30 18:31:55 PDT
The add-on is blocked on staging:

QA, please verify that the block works correctly once I post the XPI file.
Comment 2 User image MendlerPB 2012-07-30 19:32:27 PDT
Created attachment 647406 [details]
Contenido del XPI comprimido
Comment 3 User image Jorge Villalobos [:jorgev] 2012-07-30 20:00:26 PDT
Created attachment 647413 [details]
XPI file to block

I'm blocking this ID for all versions because people shouldn't be using the Firefox ID for their add-ons anyway.
Comment 4 User image Jorge Villalobos [:jorgev] 2012-08-01 13:55:28 PDT
We tested the staged block ourselves and it appears to be working correctly.

The block is now live in prod:
Comment 5 User image MendlerPB 2012-08-01 16:43:21 PDT
No me queda nada más que decir que muchas gracias a todo equipo de Mozilla por habernos escuchado y tomado en cuenta nuestras quejas. A seguir usando el mejor navegador de todo y el más seguro.
Comment 6 User image Francesco Lodolo [:flod] 2012-08-02 03:26:49 PDT
I think that this block is going to stop a lot of "messed-up" add-ons (I've just found another one that uses the same ID of Firefox as the add-on id).
Comment 7 User image juan becerra [:juanb] 2012-08-02 14:15:26 PDT
I've verified this in production. I've tested this by installing the XPI attached in this bug, installing the Timer Fire 1.6 extension, restarting, and firing the blocklist timer. When I fire the timer I get a dialog prompting me to restart Firefox indicating it has blocked the extension in question. When I restart it is disabled.
Comment 8 User image brichter 2012-08-12 18:00:31 PDT
Hey guys, you also blocked the valid Adobe Flash plugin needed for virtually every website that carries video content... Who tests this stuff anyway?

We all know Adobe hasn't released Flash 12.4 yet, the version you're blocking isn't limited to 12.4... You're also blocking the legit version 11.3., and I'm on a Mac, not a Winblows box.
Comment 9 User image Jorge Villalobos [:jorgev] 2012-08-13 08:04:43 PDT
No, we didn't block the Flash plugin with this block. This a malicious extension that uses the Adobe Flash name, but uses an id that has nothing to do with Adobe.

I recommend that you go to our support site for help with this:
Comment 10 User image ganesha.rajanaidu 2012-08-28 03:20:48 PDT
I have just switched back to Firefox (from Chrome) and I believe think this blacklist has just blocked a legitimate add-on which I actively use for

Please investigate.
Comment 11 User image ganesha.rajanaidu 2012-08-28 03:21:15 PDT
Please re-open ticket.
Comment 12 User image Jorge Villalobos [:jorgev] 2012-08-28 09:50:01 PDT
I don't know if the add-on distributed on that website is the same being blocked here. However, as noted in comment #0, the id corresponds to the Firefox application id, which is wrong for any add-on to use. You can contact the owners of that website and let them know that they need to use a different id for their add-on.
Comment 13 User image Jorge Villalobos [:jorgev] 2014-08-21 12:23:33 PDT
*** Bug 1054523 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.