Closed Bug 857847 Opened 12 years ago Closed 12 years ago

Malicious "The Social Networks" Add-on

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mhammell, Assigned: jorgev)

Details

Attachments

(1 file)

sosyalag.zip
20.56 KB, application/octet-stream
Details
Attached file sosyalag.zip
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31 Steps to reproduce: Downloaded addon from http://www.kingliked.com/get.php Actual results: The addon hijacks the victim's facebook account and begins mass liking and posting to their friends about Facebook pages specified in remote JS loaded and injected by the addon. The attachment, password infected, has the XPI, along with the remote JS loaded by the addon. Expected results: It shouldn't hijack a users facebook account and post messages or take action as them without their consent.
Id: {9e09ac65-43c0-4b9d-970f-11e2e9616c55}
Assignee: nobody → jorge
Status: UNCONFIRMED → NEW
Ever confirmed: true
Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i376
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: