Closed
Bug 830159
Opened 12 years ago
Closed 12 years ago
Malicious add-on support@vide1flash2.com aka "Lastest Adobe Flash Player"
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: nmaier, Unassigned)
Details
Attachments
(2 files)
Just found the attached add-on in the wild on a relative's PC (Ubuntu, not that this matters).
Judging from the browser history it seems the add-on got to the system via a shady porn site with a "plugin is required to play this video" spoof.
It is a variant of bug 755443, etc.
The add-on acts as a loader for other, remotely retrieved javascript, which is then executed in chrome, hence at least being able to compromise the whole active user account.
I suggest immediately blocklisting the add-on in question, id support@vide1flash2.com, and also putting the location of the remote script http://mio98.hk/j.php into the attack sites list! Don't omit the attack sites please, as at least bug 755443 uses the same URL.
Would it be possible to grab the update ping logs and grep for similar ids, seeing that there is at least one other add-on with a very similar id.
Reporter | ||
Comment 1•12 years ago
|
||
Just in case somebody is wondering....
Updated•12 years ago
|
Group: client-services-security
Component: Add-on Security → Blocklisting
Comment 2•12 years ago
|
||
The add-on has been blocklisted: https://addons.mozilla.org/en-US/firefox/blocked/i246
As for adding the URL to the attack sites, I think all that is necessary is to submit it to Google. Is this correct?
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•9 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•