Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
-
- Guest
Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
Just a heads up for those sys admins who might be using the IE Tab Plus (3.6+) in a corporate environment (lan/intranets/webguis etc)
or you just value your security and privacy,
the current update being pushed out for this Firefox Addon is also installing without notice
components that capture all URLs/referrers visited as well as numerous other user statistics and
transmit them back to superfish dot com via a hidden https XSS request (3600000ms)
if you have these files in your profile's extensions subdirectories located in
\yourFFprofiledirectory\extensions\ietab@ip.cn\components
nsSuperfishComponent.js (5.4k)
nsSuperfishProgressListener.js (15.7k)
nsSuperfishStatistics.js (16.5K)
nsSuperfishUtils.js (60.8k)
then you have the spyware installed
and a few users who have also spotted this security risk
https://addons.mozilla.org/en-US/firefo ... ws/?page=1
there is a patched version (Latest release v1.95.20100930 (Clean version, NO Window Shopper plugin)) which is without this spyware here
http://coralietab.mozdev.org/installation.html
but this version isn't currently being pushed out via Mozilla addon updates, the spyware one is! (can't find any way of reporting any malicious addons to Mozilla?)
if you have this addon and have automatically updated in the last few days/weeks you most probably have this
suggest Administrators either uninstall it completely and use a more trustworthy alternative (e.g. IE Tab 2) or update manually to the newer version from the mozdev url above
An-Admin
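The file check described in the post above, as an added example that is not part of the original thread: a Python script that scans a directory of Firefox profiles for the four component files under the `ietab@ip.cn` extension. The function names, the sample profile names and `otherComponent.js` are constructed for illustration; the extension ID and the four file names are the ones listed in the post.

```python
import tempfile
from pathlib import Path

# Indicators taken from the post: extension ID and component file names.
EXTENSION_ID = "ietab@ip.cn"
SUPERFISH_FILES = {
    "nssuperfishcomponent.js",
    "nssuperfishprogresslistener.js",
    "nssuperfishstatistics.js",
    "nssuperfishutils.js",
}

def scan_profiles(profiles_root):
    """Return {profile_name: sorted list of listed component files found}."""
    findings = {}
    root = Path(profiles_root)
    if not root.is_dir():
        return findings
    for profile in sorted(p for p in root.iterdir() if p.is_dir()):
        components = profile / "extensions" / EXTENSION_ID / "components"
        if not components.is_dir():
            continue
        # Compare case-insensitively, since Windows file names are case-insensitive.
        hits = sorted(f.name for f in components.iterdir()
                      if f.is_file() and f.name.lower() in SUPERFISH_FILES)
        if hits:
            findings[profile.name] = hits
    return findings

def build_sample_tree(base):
    """Constructed sample data: one affected profile and one without the files."""
    bad = Path(base) / "abcd1234.default" / "extensions" / EXTENSION_ID / "components"
    bad.mkdir(parents=True)
    for name in ("nsSuperfishComponent.js", "nsSuperfishUtils.js", "otherComponent.js"):
        (bad / name).write_text("// placeholder\n")
    clean = Path(base) / "wxyz5678.work" / "extensions" / EXTENSION_ID / "components"
    clean.mkdir(parents=True)
    (clean / "otherComponent.js").write_text("// placeholder\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for profile, files in scan_profiles(build_sample_tree(tmp)).items():
            print(f"{profile}: {', '.join(files)}")
```

On a real workstation, pass each user's `%APPDATA%\Mozilla\Firefox\Profiles` directory to `scan_profiles` instead of the sample tree.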
- Gingerbread Man
- Posts: 7735
- Joined: January 30th, 2007, 10:55 am
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
Guest wrote:can't find any way of reporting any malicious addons to Mozilla?
Last edited by Gingerbread Man on October 16th, 2010, 9:28 am, edited 1 time in total.
-
- Posts: 4419
- Joined: May 30th, 2005, 2:01 pm
- Location: Colorado, USA
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
Gingerbread Man wrote:the extension is hosted by the author and such extensions are not reviewed by Mozilla.
Why do you say that? It has a green "Add to Firefox" button on IE Tab Plus (FF 3.6+) :: Add-ons for Firefox and IE Tab Plus (FF 3.6+) :: Versions :: Add-ons for Firefox. An extension that hasn't been reviewed has a brown button which explicitly states that it hasn't been reviewed by AMO. That extension doesn't appear to be self-hosted either. The "Add to Firefox" button links to https://addons.mozilla.org/en-US/firefo ... latest.xpi
- L.A.R. Grizzly
- Posts: 5408
- Joined: March 15th, 2005, 5:32 pm
- Location: Upstate Ohio, USA
- Contact:
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
Guest wrote:there is a patched version (Latest release v1.95.20100930 (Clean version, NO Window Shopper plugin)) which is without this spyware here
http://coralietab.mozdev.org/installation.html
I've also noticed that after uninstalling the adware version and installing the clean version, the adware preference panel still shows up. You need to delete the Firefox cache folder to completely get rid of the adware version.
Delete this folder:
WinXP:
Documents and Settings\<username>\Local Settings\Application Data\Mozilla <delete this folder
Win7 Pro SP1 64 Bit
Comodo Internet Security
Pale Moon 33.5.0, Firefox 115.18.0esr, Thunderbird 115.16.3esr, and SeaMonkey 2.53.19
-
- Posts: 1223
- Joined: April 14th, 2010, 10:52 am
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
Guest wrote:the current update being pushed out for this Firefox Addon is also installing without notice
components that capture all URLs/referrers visited as well as numerous other user statistics and
transmit them back to superfish dot com via a hidden https XSS request
The NoScript extension has a feature for Anti-XSS protection.
Ab subabsurda numquid ad veritas. "From the somewhat absurd possibility to reality."
-
- Guest
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
If the FF community doesn't find a way to police this, all FF add-ons and FF itself will get a bad reputation among consumers.
But it isn't just consumers FF has to worry about.
The security industry rule for legitimate software is that no hidden add-ons are allowed to be bundled, that each bundled product be approved of by the user. It is okay to not permit an unbundled installation, but the consumer must consent to each bundled part.
Otherwise AV software can report it as malware.
You see this rule implemented when you install Java or Flashplayer.
-
- Guest
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
I had the no-malware IE Tab installed.
It automatically updated to the malware IE Tab when the next version automatically installed.
So installing the no-malware IE Tab is not a solution, because it just switches you to the malware version when an update occurs.
-
- Guest
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
It would greatly speed up dealing with problem add-ons (intentional or malware, bad coding or bundled) if the FF Add-on manager generated a log of add-on installs, updates, disables and uninstalls.
I'm thinking that would just be a few lines of code, and low overhead since it would only be executed when changes occur.
I've made the suggestion to Hendrix here:
https://support.mozilla.com/en-US/questions/759016
-
- Guest
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
No version of IE Tab will ever be a solution, because the developer has proven himself to be a criminal and has lost all trust. Do you really want to install software provided to you by a guy that intentionally allowed third party spammers to steal your information and time without your consent?
It would make as much sense as catching a burglar in your home and then inviting him to babysit your kids.
The guy should be tried and sentenced like any other petty criminal.
- LoudNoise
- New Member
- Posts: 39900
- Joined: October 18th, 2007, 1:45 pm
- Location: Next door to the west
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
thinkOfANumber-
Kindly tone down the passion or at least the rhetoric.
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
- Daifne
- Moderator
- Posts: 123071
- Joined: July 31st, 2005, 9:17 pm
- Location: Where the Waters Meet, Wisconsin
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
Also, you need to be clear about the extension being discussed here. IE Tab died a while ago. IE Tab 2 and IE Tab Plus came out to fill the gap. IE Tab 2 has never had an issue. The one being discussed here is IE Tab Plus. All three different extensions.
-
- Guest
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
Go to ie tab plus options, select basic mode. Should take care of it. The latest build of ie tab plus asks about installing this shopper feature. It check marks the box to enable it unless you select basic mode.
Run the "A2 Anti-Malware" free version and run it to make sure there's no spam. It's very good at finding all kinds of junk.
-
- Guest
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
Why is there no "report spyware/malicious extension" button on the addons.mozilla.org page?
- LoudNoise
- New Member
- Posts: 39900
- Joined: October 18th, 2007, 1:45 pm
- Location: Next door to the west
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
You would need to take this up with AMO (Add-ons Mozilla.org)
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
- Tony-E
- Posts: 8778
- Joined: November 5th, 2004, 11:28 am
Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95
Guest wrote:Why is there no "report spyware/malicious extension" button on the addons.mozilla.org page?
You could ask about that in the AMO Feedback section of the Mozilla add-ons forum - https://forums.addons.mozilla.org/viewforum.php?f=20