Closed
Bug 792132
Opened 12 years ago
Closed 12 years ago
Extension block request: a3a5c777-f583-4fef-9380-ab4add1bc2a8
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: cviecco, Assigned: jorgev)
Details
(Whiteboard: [extension])
Extension name: Cuevana Stream
Extension UUID: a3a5c777-f583-4fef-9380-ab4add1bc2a8
Extension versions to block: 4.2
Applications, versions, and platforms affected affected: Firefox Desktop, all platforms
Block severity: hard
Homepage, AMO listing, other references and contact info:
Homepage: http://www.cuevana.tv/
Malware detected references:
[1] http://www.dragonjar.org/cuevana-tv-y-su-plugin-espia.xhtml
[2] http://www.forocoches.com/foro/showthread.php?t=2923803
[3] https://twitter.com/Cuevana/status/247490958697041920
[4] http://blog.segu-info.com.ar/2012/09/el-plug-in-de-cuevana-roba-informacion.html
[5] http://www.addictware.com.mx/index.php/seguridad/3244-cuevana-distribuye-malware
contact info: Tomas Escobar <tescobar@cuevana.tv>
Reasons: Addon not hosted in AMO, hosting server got compromised and a malicious version of the malware was hosted. The compromised version steals passwords.
Vendor has been contacted and has agreed to the blocking (they prefer softblock).
Reporter | ||
Updated•12 years ago
|
Summary: Extension block request: <UUID> → Extension block request: a3a5c777-f583-4fef-9380-ab4add1bc2a8
Assignee | ||
Comment 1•12 years ago
|
||
Is there a newer version of this add-on with a number above 4.2?
Assignee: nobody → jorge
Reporter | ||
Comment 2•12 years ago
|
||
Yes. They created a version 4.3, that is currently available at:
http://www.cuevana.tv/player/plugins/cstream-4.3.xpi
Reporter | ||
Comment 3•12 years ago
|
||
They have also asked us if we would be willing to host their extension inside AMO.
Assignee | ||
Comment 4•12 years ago
|
||
Their extension is legal in their country (I think), but I don't think it would pass our current copyrighted content policies, unfortunately.
Assignee | ||
Comment 5•12 years ago
|
||
The add-on version is (hard) blocked now in production:
https://addons.mozilla.org/en-US/firefox/blocked/i142
Removing security flag, since this is very public and the block points to this bug.
Group: client-services-security
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•