Opened on 03/12/2015 at 10:38:59 PM

Closed on 11/10/2017 at 11:15:18 AM

Last modified on 10/08/2019 at 05:28:42 PM

#2137 closed defect (rejected)

malicious addon adding custom filters in ABP

Reported by: mapx Assignee:
Priority: Unknown Milestone:
Module: Adblock-Plus-for-Firefox Keywords:
Cc: trev, greiner Blocked By:
Blocking: Platform: Firefox
Ready: no Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

Description (last modified by mapx)

Environment

firefox 36
ABP 2.6.8

How to reproduce

well, a user reported some exception filters were added as custom filters
https://adblockplus.org/forum/viewtopic.php?f=1&t=28742

After scanning with malwarebytes antimalware, adwcleaner, checking his addons ... it seems to be an addon which installed another addon (Adbeaver) which can add those filters !

see here about adbeaver as ...malicious addon (trojan :O )
https://addons.mozilla.org/EN-us/firefox/addon/adbeaver/reviews/662460/

As I knew "By default the Mozilla Firefox (and other) browsers will not allow local files to be accessed from a web based application", so, how did manage that addon writing custom filters ?

-something similar is reported here:
https://adblockplus.org/forum/viewtopic.php?f=1&t=28602

but I don't know if it's about a standalone program which simply can add some filters to patterns.ini or something else.

For example ace stream player adds to firefox the custom filter 

@@||aceadsys.net

So, probably ... it's not only adbeaver addon but some other program (dll ...) installed together that addon ?!

Attachments (0)

Change History (8)

comment:1 Changed on 03/13/2015 at 08:04:31 AM by mapx

  • Description modified (diff)

comment:2 Changed on 03/13/2015 at 08:05:03 AM by mapx

  • Description modified (diff)

comment:3 Changed on 03/13/2015 at 06:46:43 PM by greiner

  • Cc greiner added

All of that is correct:

Basically, AdBeaver is using our public API to add custom filters. But even if we didn't have that API they'd still be able to modify the behavior of Adblock Plus by other means since extensions on Firefox are much more capable than on other platforms.

comment:4 Changed on 05/20/2015 at 02:22:39 PM by philll

  • Platform changed from Firefox/Firefox Mobile to Firefox

Made Firefox and Firefox mobile available as seperate platforms.

comment:5 Changed on 08/14/2015 at 06:19:49 PM by trev

  • Tester set to Unknown
  • Verified working unset

Actually, AdBeaver is merely using IAdblockPlus to read the data - it writes by messing with patterns.ini directly however. IMHO this is a violation of AMO's "no surprises" policy.

comment:6 Changed on 08/14/2015 at 06:29:41 PM by trev

Nope, not just messing with patterns.ini, also adding filters via IAdblockPlus. Either way something that AMO should take care of this.

comment:7 Changed on 11/10/2017 at 11:15:18 AM by trev

  • Resolution set to rejected
  • Status changed from new to closed

Mass-closing all bugs in Adblock Plus for Firefox module, the codebase of Adblock Plus 3.0 belongs into Platform and User-Interface modules. Old bugs are unlikely to still apply.

comment:8 Changed on 05/29/2019 at 09:06:01 AM by takken3

spam

Last edited on 10/08/2019 at 05:28:42 PM by kzar

Add Comment

Modify Ticket

Change Properties
Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from (none).
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.