The default bug view has changed. See this FAQ.

Blocklist malicious "Adobe Flash Player 12.4.0" extension

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
RESOLVED FIXED
5 years ago
a year ago

People

(Reporter: jorgev, Assigned: jorgev)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment, 1 obsolete attachment)

6.84 KB, application/x-xpinstall
Details
(Assignee)

Description

5 years ago
I've received multiple reports about this add-on. It is distributed at http://www.peliculas-flv.com/ (currently down), and it tries to pass as a Flash Player installer. This add-on is using obfuscated remote scripts to conduct DDOS attacks against other video sites.

The add-on id is {ec8030f7-c20a-464f-9b0e-13a3a9e97384}, which is the same ID as Firefox. I don't think this should be a problem, but I need QA to make sure.
(Assignee)

Comment 1

5 years ago
The add-on is blocked on staging: https://addons-dev.allizom.org/en-US/firefox/blocked/i113

QA, please verify that the block works correctly once I post the XPI file.
Keywords: qawanted

Comment 2

5 years ago
Created attachment 647406 [details]
Contenido del XPI comprimido
(Assignee)

Comment 3

5 years ago
Created attachment 647413 [details]
XPI file to block

I'm blocking this ID for all versions because people shouldn't be using the Firefox ID for their add-ons anyway.
Attachment #647406 - Attachment is obsolete: true

Updated

5 years ago
QA Contact: jbecerra
(Assignee)

Comment 4

5 years ago
We tested the staged block ourselves and it appears to be working correctly.

The block is now live in prod: https://addons.mozilla.org/en-US/firefox/blocked/i115
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED

Comment 5

5 years ago
No me queda nada más que decir que muchas gracias a todo equipo de Mozilla por habernos escuchado y tomado en cuenta nuestras quejas. A seguir usando el mejor navegador de todo y el más seguro.
I think that this block is going to stop a lot of "messed-up" add-ons (I've just found another one that uses the same ID of Firefox as the add-on id).
I've verified this in production. I've tested this by installing the XPI attached in this bug, installing the Timer Fire 1.6 extension, restarting, and firing the blocklist timer. When I fire the timer I get a dialog prompting me to restart Firefox indicating it has blocked the extension in question. When I restart it is disabled.
Keywords: qawanted

Comment 8

5 years ago
Hey guys, you also blocked the valid Adobe Flash plugin needed for virtually every website that carries video content... Who tests this stuff anyway?

We all know Adobe hasn't released Flash 12.4 yet, the version you're blocking isn't limited to 12.4... You're also blocking the legit version 11.3., and I'm on a Mac, not a Winblows box.
(Assignee)

Comment 9

5 years ago
No, we didn't block the Flash plugin with this block. This a malicious extension that uses the Adobe Flash name, but uses an id that has nothing to do with Adobe.

I recommend that you go to our support site for help with this: http://support.mozilla.com/

Comment 10

5 years ago
I have just switched back to Firefox (from Chrome) and I believe think this blacklist has just blocked a legitimate add-on which I actively use for http://www.monsterdivx.com/

Please investigate.

Comment 11

5 years ago
Please re-open ticket.
(Assignee)

Comment 12

5 years ago
I don't know if the add-on distributed on that website is the same being blocked here. However, as noted in comment #0, the id corresponds to the Firefox application id, which is wrong for any add-on to use. You can contact the owners of that website and let them know that they need to use a different id for their add-on.
(Assignee)

Updated

3 years ago
Duplicate of this bug: 1054523
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.