Closed
Bug 943194
Opened 11 years ago
Closed 6 years ago
MaganiPieC extensions adds "remove" metho to Array type
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Toolkit
Blocklist Policy Requests
Tracking
()
RESOLVED
INVALID
People
(Reporter: pierre, Unassigned)
References
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1621.0 Safari/537.36 Steps to reproduce: MaganiPieC extension got installed on my computer silently, really not sure how. Actual results: A method "remove" gets added to the Array type: for(var e in ["alpha","beta"]) { console.log("E:" + e); } Prints: "E:0" "E:1" "E:remove" Expected results: MaganiPieC should be blacklisted it looks like a Trojan, it also does a lot of request on ads site before the actual page loads.
Comment 1•11 years ago
|
||
Can you give us the add-on ID? It can be found in about:support.
Reporter | ||
Comment 2•11 years ago
|
||
Reporter | ||
Comment 3•11 years ago
|
||
I'm sorry I already removed it from my installation. It was an extension, not a plug-in. Not sure if it will help but I've uploaded the only file remnant that was still on my HDD. Its related to this I think: https://forums.malwarebytes.org/index.php?showtopic=123963. I used "Privitize VPN" while in China, I suppose that's how it got installed.
Comment 4•11 years ago
|
||
Found a couple of references to it: https://support.mozilla.org/en-US/questions/951822 https://support.mozilla.org/en-US/questions/968380 And 3 different IDs :( 5115aa5d770b9@5115aa5d770f2.com 511553b61ec7e@511553b61ecb4.com 5115aebe99b53@5115aebe99b8c.com However, they seem to follow a simple pattern. Kris, can you check this out and see install numbers and whether it's worth blocking by regexp?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(kmaglione+bmo)
Comment 5•11 years ago
|
||
We've tried to block IDs with these patterns before and wound up reverting them. It also seems that this add-on is going by IDs with multiple other ID patterns and names, e.g., lvjjioau@iieeo.com MaganiiPic ynckcba@nlq.co.uk MaganiiPic 982_cv@qzzcjkqb-fa.org MaganiPic h.zaip@dpjzyuio-.org MaganiPic zgk0vza@ndycu.edu MaganiPiec eyadcuuuo2b@mfu-uyhhov.co.uk MaganiPiec
Flags: needinfo?(kmaglione+bmo)
Comment 6•11 years ago
|
||
Alright, let's keep this bug open until we can block this based on name patterns.
Depends on: 897735
Assignee | ||
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
Comment 7•6 years ago
|
||
Closing old blocklist requests that shouldn't be valid after the move to WebExtensions-only in Firefox 57. Please comment if you think this bug is still valid and should be reopened.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•