MozillaZine

Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Guest

Posted October 16th, 2010, 6:47 am

Just a heads up for those sys admins who might be using the IE Tab Plus (3.6+) in a corporate environment (lan/intranets/webguis etc)
or you just value your security and privacy,
the current update being pushed out for this Firefox Addon is also installing without notice
components that capture all URLs/referrers visited as well as numerous other user statistics and
transmit them back to superfish dot com via a hidden https XSS request (3600000ms)

if you have these files in your profile's extensions subdirectories located in
\yourFFprofiledirectory\extensions\ietab@ip.cn\components

nsSuperfishComponent.js (5.4k)
nsSuperfishProgressListener.js (15.7k)
nsSuperfishStatistics.js (16.5K)
nsSuperfishUtils.js (60.8k)

then you have the spyware installed

and a few users who have also spotted this security risk
https://addons.mozilla.org/en-US/firefo ... ws/?page=1

there is a patched version (Latest release v1.95.20100930 (Clean version, NO Window Shopper plugin)) which is without this spyware here
http://coralietab.mozdev.org/installation.html

but this version isn't currently being pushed out via mozilla addon updates, the spyware one is! (can't find any way of reporting any malicious addons to mozilla?)
if you have this addon and have automatically updated in the last few days/weeks you most probably have this

suggest Administrators either uninstall it completely and use a more trustworthy alternative (eg. IE Tab 2) or update manually to the newer version from the mozdev url above

An-Admin
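
The file check described in the post above, as an added example that is not part of the original thread: a Python scan of a folder of Firefox profiles for the four listed component files under `extensions/ietab@ip.cn/components`. The extension ID and file names are the ones given in the post; the function names, the `profiles_root` parameter and the sample tree are assumptions constructed for illustration.

```python
import sys
import tempfile
from pathlib import Path

# Extension ID and component file names exactly as listed in the post.
EXTENSION_ID = "ietab@ip.cn"
SUPERFISH_COMPONENTS = (
    "nsSuperfishComponent.js",
    "nsSuperfishProgressListener.js",
    "nsSuperfishStatistics.js",
    "nsSuperfishUtils.js",
)


def find_superfish_components(profiles_root):
    """Map each profile under profiles_root (assumed parameter) to listed files found."""
    wanted = {name.lower() for name in SUPERFISH_COMPONENTS}
    hits = {}
    root = Path(profiles_root)
    if not root.is_dir():
        return hits
    for profile in sorted(p for p in root.iterdir() if p.is_dir()):
        components = profile / "extensions" / EXTENSION_ID / "components"
        if not components.is_dir():
            continue  # no unpacked copy of the extension in this profile
        # Case-insensitive match, since Windows file systems ignore case.
        found = sorted(f.name for f in components.iterdir()
                       if f.is_file() and f.name.lower() in wanted)
        if found:
            hits[profile.name] = found
    return hits


def make_constructed_sample(base):
    """Build a constructed tree: one affected profile, one clean profile."""
    for profile, names in (("abcd1234.default", SUPERFISH_COMPONENTS[:2]),
                           ("efgh5678.clean", ("constructed_other.js",))):
        comp = Path(base) / profile / "extensions" / EXTENSION_ID / "components"
        comp.mkdir(parents=True)
        for name in names:
            (comp / name).write_text("// constructed placeholder\n")
    return base


if __name__ == "__main__":
    roots = sys.argv[1:] or [make_constructed_sample(tempfile.mkdtemp())]
    for root in roots:
        for profile, files in find_superfish_components(root).items():
            print(f"{root}: {profile}: {', '.join(files)}")
```

Pass one or more profile parent folders as arguments to scan real profiles; with no arguments it runs against the constructed sample tree.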

Gingerbread Man

Posted October 16th, 2010, 9:07 am

Guest wrote: can't find any way of reporting any malicious addons to mozilla?

I suggest you ask on the aforementioned forum before filing a bug report, considering that the extension is hosted by the author and such extensions are not reviewed by Mozilla. Whoops. I was looking at the wrong extension page.
Last edited by Gingerbread Man on October 16th, 2010, 9:28 am, edited 1 time in total.

Alan Baxter

Posted October 16th, 2010, 9:21 am

Gingerbread Man wrote: the extension is hosted by the author and such extensions are not reviewed by Mozilla.

Why do you say that? It has a green "Add to Firefox" button on IE Tab Plus (FF 3.6+) :: Add-ons for Firefox and IE Tab Plus (FF 3.6+) :: Versions :: Add-ons for Firefox. An extension that hasn't been reviewed has a brown button which explicitly states that it hasn't been reviewed by AMO. That extension doesn't appear to be self-hosted either. The "Add to Firefox" button links to https://addons.mozilla.org/en-US/firefo ... latest.xpi

L.A.R. Grizzly

Posted October 16th, 2010, 1:58 pm

Guest wrote: there is a patched version (Latest release v1.95.20100930 (Clean version, NO Window Shopper plugin)) which is without this spyware here
http://coralietab.mozdev.org/installation.html

I've also noticed that after uninstalling the adware version and installing the clean version, the adware preference panel still shows up. You need to delete the Firefox cache folder to completely get rid of the adware version.

Delete this folder:

WinXP:

Documents and Settings\<username>\Local Settings\Application Data\Mozilla <delete this folder

GTryder

Posted October 16th, 2010, 3:34 pm

Guest wrote: the current update being pushed out for this Firefox Addon is also installing without notice
components that capture all URLs/referrers visited as well as numerous other user statistics and
transmit them back to superfish dot com via a hidden https XSS request

The NoScript extension has a feature for Anti-XSS protection.

Guest

Posted October 17th, 2010, 11:05 am

If the FF community doesn't find a way to police this, all FF add-ons and FF itself will get a bad reputation among consumers.

But it isn't just consumers FF has to worry about.

The security industry rule for legitimate software is that no hidden add-ons are allowed to be bundled, that each bundled product be approved of by the user. It is okay to not permit an unbundled installation, but the consumer must consent to each bundled part.

Otherwise AV software can report it as malware.

You see this rule implemented when you install Java or Flashplayer.

keith2468a
Guest

Posted October 17th, 2010, 11:10 am

I had the no-malware IE Tab installed.

It automatically updated to the malware IE Tab when the next version automatically installed.

So installing the no-malware IE Tab is not a solution, because it just switches you to the malware version when an update occurs.

keith2468a
Guest

Posted October 17th, 2010, 11:50 am

It would greatly speed up dealing with problem add-ons (intentional or malware, bad coding or bundled) if the FF Add-on manager generated a log of add-on installs, updates, disables and uninstalls.

I'm thinking that would just be a few lines of code, and low overhead since it would only be executed when changes occur.

I've made the suggestion to Hendrix here:
https://support.mozilla.com/en-US/questions/759016

thinkOfANumber
Guest

Posted October 17th, 2010, 11:59 am

No version of IE Tab will ever be a solution, because the developer has proven himself to be a criminal and has lost all trust. Do you really want to install software provided to you by a guy that intentionally allowed third party spammers to steal your information and time without your consent?

It would make as much sense as catching a burglar in your home and then inviting him to babysit your kids.

The guy should be tried and sentenced like any other petty criminal.

LoudNoise
Moderator

Posted October 17th, 2010, 12:07 pm

thinkOfANumber-

Kindly tone down the passion or at least the rhetoric.

Daifne
Moderator

Posted October 17th, 2010, 12:10 pm

Also, you need to be clear about the extension being discussed here. IE Tab died a while ago. IE Tab 2 and IE Tab Plus came out to fill the gap. IE Tab 2 has never had an issue. The one being discussed here is IE Tab Plus. All three different extensions.

ron111
Guest

Posted October 17th, 2010, 12:14 pm

Go to ie tab plus options, select basic mode. Should take care of it. The latest build of ie tab plus asks about installing this shopper feature. It check marks the box to enable it unless you select basic mode.

Run the "A2 Anti-Malware" free version and run it to make sure there's no spam. It's very good at finding all kinds of junk.

Guest

Posted October 17th, 2010, 12:26 pm

Why is there no "report spyware/malicious extension" button on the addons.mozilla.org page?

LoudNoise
Moderator

Posted October 17th, 2010, 12:37 pm

You would need to take this up with AMO (Add-ons Mozilla.org)

Tony-E

Posted October 17th, 2010, 1:33 pm

Guest wrote: Why is there no "report spyware/malicious extension" button on the addons.mozilla.org page?

You could ask about that in the AMO Feedback section of the Mozilla add-ons forum - https://forums.addons.mozilla.org/viewforum.php?f=20
