Closed Bug 792132 Opened 12 years ago Closed 12 years ago

Extension block request: a3a5c777-f583-4fef-9380-ab4add1bc2a8

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: cviecco, Assigned: jorgev)

Details

(Whiteboard: [extension])

Extension name: Cuevana Stream Extension UUID: a3a5c777-f583-4fef-9380-ab4add1bc2a8 Extension versions to block: 4.2 Applications, versions, and platforms affected affected: Firefox Desktop, all platforms Block severity: hard Homepage, AMO listing, other references and contact info: Homepage: http://www.cuevana.tv/ Malware detected references: [1] http://www.dragonjar.org/cuevana-tv-y-su-plugin-espia.xhtml [2] http://www.forocoches.com/foro/showthread.php?t=2923803 [3] https://twitter.com/Cuevana/status/247490958697041920 [4] http://blog.segu-info.com.ar/2012/09/el-plug-in-de-cuevana-roba-informacion.html [5] http://www.addictware.com.mx/index.php/seguridad/3244-cuevana-distribuye-malware contact info: Tomas Escobar <tescobar@cuevana.tv> Reasons: Addon not hosted in AMO, hosting server got compromised and a malicious version of the malware was hosted. The compromised version steals passwords. Vendor has been contacted and has agreed to the blocking (they prefer softblock).
Summary: Extension block request: <UUID> → Extension block request: a3a5c777-f583-4fef-9380-ab4add1bc2a8
Is there a newer version of this add-on with a number above 4.2?
Assignee: nobody → jorge
Yes. They created a version 4.3, that is currently available at: http://www.cuevana.tv/player/plugins/cstream-4.3.xpi
They have also asked us if we would be willing to host their extension inside AMO.
Their extension is legal in their country (I think), but I don't think it would pass our current copyrighted content policies, unfortunately.
The add-on version is (hard) blocked now in production: https://addons.mozilla.org/en-US/firefox/blocked/i142 Removing security flag, since this is very public and the block points to this bug.
Group: client-services-security
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.