872211 - Blocklist malicious "SQLlite Addon" extension

Status: RESOLVED INVALID

(Toolkit :: Blocklist Policy Requests, defect)

Description

[Jorge Villalobos [:jorgev] (he/him)]

The add-on was reported here: https://support.mozilla.org/en-US/questions/959379. It uses a deceptive name and apparently does ad injection.

ID: vpyekkifgv@vpyekkifgv.org

Comment 1

[Jorge Villalobos [:jorgev] (he/him)]

Blocked: https://addons.mozilla.org/en-US/firefox/blocked/i352

Comment 2

[[:philipp]]

this addon is also showing up in other threads with a differently generated ID: https://support.mozilla.org/en-US/questions/959395

it would be necessary to block-list them based on the pattern of their ID combined with the name of the extension (or only based on their name) to catch it reliably, without collateral damage to other legit addons which might use a similar naming scheme for the ID.

Comment 3

[Jorge Villalobos [:jorgev] (he/him)]

Given the terrible spelling, I think we can safely block this add-on by name. Over to Blair for comment / patch.

Comment 4

[Jorge Villalobos [:jorgev] (he/him)]

This looks like a good test for our new metadata blocks. Kris, what are the stats for this one?

Comment 5

[Kris Maglione [:kmag]]

It's hard to say. I see a couple of dozen 1 or 2 user versions of this, with different generated IDs, in telemetry. I don't currently keep collated FHR stats for 1-user add-ons, since there are way, way too many of them at the moment.

Comment 6

[Jorge Villalobos [:jorgev] (he/him)]

Closing old blocklist requests that shouldn't be valid after the move to WebExtensions-only in Firefox 57. Please comment if you think this bug is still valid and should be reopened.