Closed Bug 792132 Opened 7 years ago Closed 7 years ago

Extension block request: a3a5c777-f583-4fef-9380-ab4add1bc2a8

Categories

(Toolkit :: Blocklist Policy Requests, defect)

defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: cviecco, Assigned: jorgev)

Details

(Whiteboard: [extension])

Extension name: Cuevana Stream
Extension UUID: a3a5c777-f583-4fef-9380-ab4add1bc2a8
Extension versions to block: 4.2
Applications, versions, and platforms affected affected: Firefox Desktop, all platforms
Block severity: hard


Homepage, AMO listing, other references and contact info: 
Homepage: http://www.cuevana.tv/
Malware detected references:
[1] http://www.dragonjar.org/cuevana-tv-y-su-plugin-espia.xhtml
[2] http://www.forocoches.com/foro/showthread.php?t=2923803
[3] https://twitter.com/Cuevana/status/247490958697041920
[4] http://blog.segu-info.com.ar/2012/09/el-plug-in-de-cuevana-roba-informacion.html
[5] http://www.addictware.com.mx/index.php/seguridad/3244-cuevana-distribuye-malware
contact info: Tomas Escobar <tescobar@cuevana.tv>

Reasons: Addon not hosted in AMO, hosting server got compromised and a malicious version of the malware was hosted. The compromised version steals passwords. 

Vendor has been contacted and has agreed to the blocking (they prefer softblock).
Summary: Extension block request: <UUID> → Extension block request: a3a5c777-f583-4fef-9380-ab4add1bc2a8
Is there a newer version of this add-on with a number above 4.2?
Assignee: nobody → jorge
Yes. They created a version 4.3, that is currently available at:
http://www.cuevana.tv/player/plugins/cstream-4.3.xpi
They have also asked us if we would be willing to host their extension inside AMO.
Their extension is legal in their country (I think), but I don't think it would pass our current copyrighted content policies, unfortunately.
The add-on version is (hard) blocked now in production:

https://addons.mozilla.org/en-US/firefox/blocked/i142

Removing security flag, since this is very public and the block points to this bug.
Group: client-services-security
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.