Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Guest
Guest

Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by Guest »

Just a heads up for those sys admins who might be using the IE Tab Plus (3.6+) in a corporate environment (lan/intranets/webguis etc)
or you just value your security and privacy,
the current update being pushed out for this Firefox Addon is also installing without notice
components that capture all URLs/referrers visited as well as numerous other user statistics and
transmit them back to superfish dot com via a hidden https XSS request (3600000ms)

if you have these files in your profiles extensions subdirectories located in
\yourFFprofiledirectory\extensions\ietab@ip.cn\components

nsSuperfishComponent.js (5.4k)
nsSuperfishProgressListener.js (15.7k)
nsSuperfishStatistics.js (16.5K)
nsSuperfishUtils.js (60.8k)

then you have the spyware installed

and a few users who have also spotted this security risk
https://addons.mozilla.org/en-US/firefo ... ws/?page=1

there is a patched version (Latest release v1.95.20100930 (Clean version, NO Window Shopper plugin)) which is without this spyware here
http://coralietab.mozdev.org/installation.html

but this version isn't currently being pushed out via mozilla addon updates, the spyware one is! (can't find any way of reporting any malicious addons to mozilla?)
if you have this addon and have automatically updated in the last few days/weeks you most probably have this

suggest Administrators either uninstall it completely and use a more trustworthy alternative (eg. IE Tab 2) or update manually to the newer version from the mozdev url above

An-Admin
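
A check for the component files listed in the post above, as an added example that is not part of the original thread. It scans every profile under a Firefox `Profiles` directory for the four file names inside `extensions\ietab@ip.cn\components`; the function names, the sample profile names and the `unrelated_component.js` placeholder are constructed for illustration.

```python
import os
import sys
import tempfile

# Indicators exactly as listed in the post above (lower-cased for matching).
EXTENSION_ID = "ietab@ip.cn"
SUPERFISH_FILES = {
    "nssuperfishcomponent.js",
    "nssuperfishprogresslistener.js",
    "nssuperfishstatistics.js",
    "nssuperfishutils.js",
}

def scan_profile(profile_dir):
    """Return sorted names of Superfish component files found in one profile."""
    comp_dir = os.path.join(profile_dir, "extensions", EXTENSION_ID, "components")
    if not os.path.isdir(comp_dir):
        return []
    # Compare lower-cased names: Windows file systems are case-insensitive.
    return sorted(n for n in os.listdir(comp_dir) if n.lower() in SUPERFISH_FILES)

def scan_profiles_root(profiles_root):
    """Map each affected profile directory name to the files found in it."""
    findings = {}
    for entry in sorted(os.listdir(profiles_root)):
        profile_dir = os.path.join(profiles_root, entry)
        if os.path.isdir(profile_dir):
            hits = scan_profile(profile_dir)
            if hits:
                findings[entry] = hits
    return findings

def build_sample_root():
    """Constructed sample: one affected profile, one with only a placeholder file."""
    root = tempfile.mkdtemp()
    bad = os.path.join(root, "abcd1234.default", "extensions", EXTENSION_ID, "components")
    clean = os.path.join(root, "wxyz5678.work", "extensions", EXTENSION_ID, "components")
    os.makedirs(bad)
    os.makedirs(clean)
    for name in ("nsSuperfishComponent.js", "nsSuperfishUtils.js", "unrelated_component.js"):
        open(os.path.join(bad, name), "w").close()
    open(os.path.join(clean, "unrelated_component.js"), "w").close()
    return root

if __name__ == "__main__":
    # Pass a real Profiles directory as the first argument, or none for the sample.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_root()
    for profile, files in scan_profiles_root(root).items():
        print(f"{profile}: {', '.join(files)}")
```
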
Gingerbread Man
Posts: 7735
Joined: January 30th, 2007, 10:55 am

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by Gingerbread Man »

Guest wrote:can't find any way of reporting any malicious addons to mozilla?

I suggest you ask on the aforementioned forum before filing a bug report, considering that the extension is hosted by the author and such extensions are not reviewed by Mozilla. Whoops. I was looking at the wrong extension page.
Last edited by Gingerbread Man on October 16th, 2010, 9:28 am, edited 1 time in total.
Alan Baxter
Posts: 4419
Joined: May 30th, 2005, 2:01 pm
Location: Colorado, USA

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by Alan Baxter »

Gingerbread Man wrote:the extension is hosted by the author and such extensions are not reviewed by Mozilla.

Why do you say that? It has a green "Add to Firefox" button on IE Tab Plus (FF 3.6+) :: Add-ons for Firefox and IE Tab Plus (FF 3.6+) :: Versions :: Add-ons for Firefox. An extension that hasn't been reviewed has a brown button which explicitly states that it hasn't been reviewed by AMO. That extension doesn't appear to be self-hosted either. The "Add to Firefox" button links to https://addons.mozilla.org/en-US/firefo ... latest.xpi
L.A.R. Grizzly
Posts: 5396
Joined: March 15th, 2005, 5:32 pm
Location: Upstate Ohio, USA

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by L.A.R. Grizzly »

Guest wrote:there is a patched version (Latest release v1.95.20100930 (Clean version, NO Window Shopper plugin)) which is without this spyware here
http://coralietab.mozdev.org/installation.html



I've also noticed that after uninstalling the adware version and installing the clean version, the adware preference panel still shows up. You need to delete the Firefox cache folder to completely get rid of the adware version.

Delete this folder:

WinXP:

Documents and Settings\<username>\Local Settings\Application Data\Mozilla <delete this folder
Win7 Pro SP1 64 Bit
Comodo Internet Security
Pale Moon 33.0.2, Epyrus Mail 2.1.2, Firefox 115.8.0esr, Thunderbird 115.8.1, and SeaMonkey 2.53.18
GTryder
Posts: 1223
Joined: April 14th, 2010, 10:52 am

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by GTryder »

Guest wrote:the current update being pushed out for this Firefox Addon is also installing without notice
components that capture all URLs/referrers visited as well as numerous other user statistics and
transmit them back to superfish dot com via a hidden https XSS request


The NoScript extension has a feature for Anti-XSS protection.
Ab subabsurda numquid ad veritas. "From the somewhat absurd possibility to reality."
Guest
Guest

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by Guest »

If the FF community doesn't find a way to police this all FF add-ons and FF itself will get a bad reputation among consumers.

But it isn't just consumers FF has to worry about.

The security industry rule for legitimate software is that no hidden add-ons are allowed to be bundled, that each bundled product be approved of by the user. It is okay to not permit an unbundled installation, but the consumer must consent to each bundled part.

Otherwise AV software can report it as malware.

You see this rule implemented when you install Java or Flashplayer.
keith2468a
Guest

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by keith2468a »

I had the no-malware IE Tab installed.

It automatically updated to the malware IE Tab when the next version automatically installed.

So installing the no-malware IE Tab is not a solution, because it just switches you to the malware version when an update occurs.
keith2468a
Guest

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by keith2468a »

It would greatly speed up dealing with problem add-ons (intentional or malware, bad coding or bundled) if the FF Add-on manager generated a log of add-on installs, updates, disables and uninstalls.

I'm thinking that would just be a few lines of code, and low overhead since it would only be executed when changes occur.

I've made the suggestion to Hendrix here:
https://support.mozilla.com/en-US/questions/759016
thinkOfANumber
Guest

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by thinkOfANumber »

No version of IE Tab will ever be a solution, because the developer has proven himself to be a criminal and has lost all trust. Do you really want to install software provided to you by a guy that intentionally allowed third party spammers to steal your information and time without your consent?

It would make as much sense as catching a burglar in your home and then inviting him to babysit your kids.

The guy should be tried and sentenced like any other petty criminal.
LoudNoise
New Member
Posts: 39900
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by LoudNoise »

thinkOfANumber-

Kindly tone down the passion or at least the rhetoric.
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
Daifne
Moderator
Posts: 123071
Joined: July 31st, 2005, 9:17 pm
Location: Where the Waters Meet, Wisconsin

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by Daifne »

Also, you need to be clear about the extension being discussed here. IE Tab died a while ago. IE Tab 2 and IE Tab Plus came out to fill the gap. IE Tab 2 has never had an issue. The one being discussed here is IE Tab Plus. All three different extensions.
ron111
Guest

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by ron111 »

Go to ie tab plus options, select basic mode. Should take care of it. The latest build of ie tab plus asks about installing this shopper feature. It check marks the box to enable it unless you select basic mode.

Run the "A2 Anti-Malware" free version and run it to make sure there's no spam. It's very good at finding all kinds of junk.
Guest
Guest

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by Guest »

Why is there no "report spyware/malicious extension" button on the addons.mozilla.org page?
LoudNoise
New Member
Posts: 39900
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by LoudNoise »

You would need to take this up with AMO (Add-ons Mozilla.org)
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
Tony-E
Posts: 8778
Joined: November 5th, 2004, 11:28 am

Re: Spyware found in (Coral) IE Tab Plus (3.6) - 1.95

Post by Tony-E »

Guest wrote:Why is there no "report spyware/malicious extension" button on the addons.mozilla.org page?

You could ask about that in the AMO Feedback section of the Mozilla add-ons forum - https://forums.addons.mozilla.org/viewforum.php?f=20