Opened 5 years ago

Closed 2 years ago

Last modified 2 months ago

#2137 closed defect (rejected)

malicious addon adding custom filters in ABP

Reported by: mapx
Assignee:
Priority: Unknown
Milestone:
Module: Adblock-Plus-for-Firefox
Keywords:
Cc: trev, greiner
Blocked By:
Blocking:
Platform: Firefox
Ready: no
Confidential: no
Tester: Unknown
Verified working: no
Review URL(s):

Description (last modified by mapx)

Environment

Firefox 36
ABP 2.6.8

How to reproduce

Well, a user reported that some exception filters were added as custom filters:
https://adblockplus.org/forum/viewtopic.php?f=1&t=28742

After scanning with Malwarebytes Anti-Malware and AdwCleaner and checking his addons ... it seems to be an addon which installed another addon (AdBeaver) which can add those filters!

See here about AdBeaver as a ... malicious addon (trojan :O )
https://addons.mozilla.org/EN-us/firefox/addon/adbeaver/reviews/662460/

As I knew, "By default the Mozilla Firefox (and other) browsers will not allow local files to be accessed from a web based application", so how did that addon manage to write custom filters?

Something similar is reported here:
https://adblockplus.org/forum/viewtopic.php?f=1&t=28602

but I don't know if it's about a standalone program which simply can add some filters to patterns.ini or something else.

For example, Ace Stream player adds the following custom filter to Firefox:

@@||aceadsys.net

So, probably ... it's not only the AdBeaver addon but some other program (dll ...) installed together with that addon?!
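A defender-side check for the behaviour described in this ticket, as an added example that is not part of the ticket or of Adblock Plus: it lists `@@` exception filters stored among the user's custom filters in patterns.ini so they can be compared with what the user actually added. The section layout (`[Subscription]`, `[Subscription filters]`, custom groups marked by a `~` pseudo-URL) is an assumption about the ABP 2.x file format, and the sample file and function names are constructed for illustration.

```python
# Constructed sample. The section layout is an assumption about the
# ABP 2.x patterns.ini format; it is not quoted from the ticket.
SAMPLE = """\
# Adblock Plus preferences
version=4

[Subscription]
url=https://easylist-downloads.adblockplus.org/easylist.txt
title=EasyList

[Subscription filters]
@@||listed-exception.example^
||ads.example^

[Subscription]
url=~user~123456
defaults=whitelist

[Subscription filters]
@@||aceadsys.net
||tracker.example^
"""

def custom_exceptions(text):
    """Return @@ exception filters stored in user-defined filter groups."""
    found, section, is_user_group = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            if section == "subscription":
                is_user_group = False  # reset until this group's url= is seen
            continue
        if section == "subscription" and line.startswith("url="):
            # Assumption: custom filter groups use pseudo-URLs starting with "~"
            is_user_group = line[4:].startswith("~")
        elif section == "subscription filters" and is_user_group:
            if line.startswith("@@"):
                found.append(line)
    return found

def unexpected(text, approved=()):
    """Exception filters that are not on the user's own approved list."""
    allowed = set(approved)
    return [f for f in custom_exceptions(text) if f not in allowed]

if __name__ == "__main__":
    for f in unexpected(SAMPLE):
        print("unreviewed custom exception filter:", f)
```

Exceptions that arrive through a subscribed list are ignored on purpose; only entries in the custom filter groups are reported.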

Change History (8)

comment:1 Changed 5 years ago by mapx

  • Description modified (diff)

comment:2 Changed 5 years ago by mapx

  • Description modified (diff)

comment:3 Changed 5 years ago by greiner

  • Cc greiner added

All of that is correct:

Basically, AdBeaver is using our public API to add custom filters. But even if we didn't have that API they'd still be able to modify the behavior of Adblock Plus by other means since extensions on Firefox are much more capable than on other platforms.

comment:4 Changed 5 years ago by philll

  • Platform changed from Firefox/Firefox Mobile to Firefox

Made Firefox and Firefox Mobile available as separate platforms.

comment:5 Changed 4 years ago by trev

  • Tester set to Unknown
  • Verified working unset

Actually, AdBeaver is merely using IAdblockPlus to read the data; it writes by messing with patterns.ini directly, however. IMHO this is a violation of AMO's "no surprises" policy.

comment:6 Changed 4 years ago by trev

Nope, not just messing with patterns.ini, also adding filters via IAdblockPlus. Either way, this is something that AMO should take care of.

comment:7 Changed 2 years ago by trev

  • Resolution set to rejected
  • Status changed from new to closed

Mass-closing all bugs in the Adblock Plus for Firefox module; the codebase of Adblock Plus 3.0 belongs in the Platform and User-Interface modules. Old bugs are unlikely to still apply.

comment:8 Changed 7 months ago by takken3

Version 1, edited 7 months ago by greiner