Closed
Bug 841791
Opened 11 years ago
Closed 11 years ago
Blocklist potentially malicious Flash Player add-on
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
FIXED
People
(Reporter: monzta-kw, Unassigned)
Details
(Whiteboard: [extension])
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 Build ID: 20130201065344 Actual results: I am one of the filter subscription mantainers of the "EasyList" filter for Adblock Plus. We get quite some reports about unblocked ads which are injected by a malicious "Flash Player" extension. Adblock Plus has an issue reporting feature to report unblocked ads or issues to the filterlist maintainers like me. Here are some issue reports of infected users: https://reports.adblockplus.org/5ac0b2fe-b529-465e-bbe6-3e1d4fc6a511#tab=requests https://reports.adblockplus.org/167a35da-eb11-1745-ba1b-87012b1d33ad#tab=screenshot https://reports.adblockplus.org/2b617aea-5d79-49a3-90d6-dd1764defc7f#tab=screenshot The problem is that the extension ID seems to be always a different one. These are the ones I collected so far: 34qEOefiyYtRJT@IM5Munavn.com Mro5Fm1Qgrmq7B@ByrE69VQfZvZdeg.com KtoY3KGxrCe5ie@yITPUzbBtsHWeCdPmGe.com 9NgIdLK5Dq4ZMwmRo6zk@FNt2GCCLGyUuOD.com NNux7bWWW@RBWyXdnl6VGls3WAwi.com E3wI2n@PEHTuuNVu.com 2d3VuWrG6JHBXbQdbr@3BmSnQL.com
Found another one: "Flash Player 11.1" ID is "support2_en@adobe14.com"
|
||
Comment 2•11 years ago
|
||
a similar extension which caused website redirects was also reported by a user on the mozilla support forums: https://support.mozilla.org/en-US/questions/953200 Name: Flash Player 11 ID: XN4Xgjw7n4@yUWgc.com
A more recent report: https://reports.adblockplus.org/b42ef6ca-1d8e-bd45-bb8e-45bb5d9fb898#tab=screenshot Extension ID: C7yFVpIP@WeolS3acxgS.com Other IDs from the same extension I have collected so far: Kbeu4h0z@yNb7QAz7jrYKiiTQ3.com aWQzX@a6z4gWdPu8FF.com CBSoqAJLYpCbjTP90@JoV0VMywCjsm75Y0toAd.com
|
||
Updated•11 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [extension]
|
||
Comment 4•11 years ago
|
||
Do you have any samples of this malicious extension?
|
|
||
Comment 5•11 years ago
|
||
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i324 https://addons.mozilla.org/en-US/firefox/blocked/i326 I needed 2 blocks because the ID input field has a size limit and these are just ugly regular expressions that | all the discovered IDs. Since they are randomized, I'm afraid these blocks won't be of much use :/
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
|
|
||
Comment 6•11 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #5) > Blocked: > https://addons.mozilla.org/en-US/firefox/blocked/i324 > https://addons.mozilla.org/en-US/firefox/blocked/i326 Typo in "pretending to the the Flash Player plugin."
(In reply to Jorge Villalobos [:jorgev] from comment #4) > Do you have any samples of this malicious extension? Unfortunately, I do not have any. New ID: zZ2jWZ1H22Jb5NdELHS@o0jQVWZkY1gx1.com (https://reports.adblockplus.org/b254eea6-bff4-d644-a1ef-1904a350990e#tab=screenshot)
|
|
||
Comment 8•11 years ago
|
||
(In reply to monzta-kw from comment #7) > New ID: zZ2jWZ1H22Jb5NdELHS@o0jQVWZkY1gx1.com > (https://reports.adblockplus.org/b254eea6-bff4-d644-a1ef- > 1904a350990e#tab=screenshot) I updated the block to include that ID, thanks.
Another one: HUMgh6NGrN99eQb4@YCwC0JomzM.com (https://reports.adblockplus.org/3e4a0b8a-b3d2-41c0-a47c-cd78b0b014e7#tab=extensions)
|
|
||
Comment 10•11 years ago
|
||
Please file new bugs for new block requests.
|
Assignee | |
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•