Closed
Bug 842402
Opened 11 years ago
Closed 11 years ago
Block more malicious Codec add-ons
Categories
(Toolkit :: Blocklist Policy Requests, defect)
RESOLVED
WONTFIX
People
(Reporter: jorgev, Assigned: jorgev)
We need to follow up bug 806451 because there is a whole category of malicious ids that wasn't covered there. These come in the form [0-9a-f]{13}@[0-9a-f]{13}\.com, which we can now verify is pretty safe to block without collateral damage. Since this is a major block, we will go through staging and some testing before pushing it live.
Assignee
Comment 1•11 years ago
The block is staged now: https://addons-dev.allizom.org/en-US/firefox/blocked/i279 Kris, can you give this a look and make sure it works as expected?
Flags: needinfo?(kmaglione+bmo)
Comment 2•11 years ago
The regexp should probably have a $ at the end. Other than that, I tested with one of the known IDs and it worked as expected.
Flags: needinfo?(kmaglione+bmo)
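The anchoring point raised in comment 2, as an added example that is not part of the bug thread or of Mozilla's blocklist code. The sample IDs are constructed, the function names are hypothetical, and it assumes the pattern is applied with search semantics (`RegExp.prototype.test`):

```javascript
// Constructed sample add-on IDs (none are taken from the bug).
const SAMPLE_IDS = [
  "0123456789abc@def0123456789.com",         // exact shape described in the bug
  "0123456789abc@def0123456789.com.example", // same shape plus a trailing suffix
  "x0123456789abc@def0123456789.com",        // one extra leading character
  "{0123456789abc@def0123456789.com}",       // shape embedded in a longer ID
  "helper@example.com",                      // unrelated e-mail style ID
];

// Pattern body quoted in the bug description.
const BODY = String.raw`[0-9a-f]{13}@[0-9a-f]{13}\.com`;

// Build the three anchoring variants of a pattern body.
function variants(body) {
  return {
    unanchored: new RegExp(body),
    startOnly: new RegExp("^" + body),
    anchored: new RegExp("^" + body + "$"),
  };
}

// For each variant, list the IDs that would be blocked.
function audit(body, ids) {
  const result = {};
  for (const [name, re] of Object.entries(variants(body))) {
    result[name] = ids.filter((id) => re.test(id));
  }
  return result;
}

// IDs a looser variant blocks that the fully anchored pattern does not.
function overblocked(body, ids, variant) {
  const result = audit(body, ids);
  return result[variant].filter((id) => !result.anchored.includes(id));
}

console.log(audit(BODY, SAMPLE_IDS));
console.log("start-only extras:", overblocked(BODY, SAMPLE_IDS, "startOnly"));
```

Anchoring only narrows the match to the exact ID shape; it cannot separate malicious IDs from legitimate ones generated in the same format, which is the situation described in comments 4 and 5.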
Assignee
Comment 3•11 years ago
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i288
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Assignee
Comment 4•11 years ago
Apparently these IDs are being generated by a platform called justplug.it, whose creators just contacted me. I'm backing out this block while we investigate.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee
Comment 5•11 years ago
It looks like most of these IDs correspond to their add-ons, since they are generating a new ID for every XPI :(. I met with them and we're following up with policy compliance issues via email. If that doesn't lead anywhere I'll file a new block bug.
Status: REOPENED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → WONTFIX
Updated•8 years ago
Product: addons.mozilla.org → Toolkit