funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FlashGot Firefox plugin, now spyware

From: Gadi Evron <ge () linuxbox org>
Date: Tue, 16 Feb 2010 11:47:48 +0200
On 2/16/10 10:52 AM, Reed Loden wrote:

On Tue, 16 Feb 2010 09:43:32 +0200
Gadi Evron<ge () linuxbox org>  wrote:


FlashGot Firefox plugin, a long-time download assistant, now acts like
spyware.

It gives you recommendations IN Google search to another search site,
according to your searches.


Just to confirm, you're referring to FlashGot, as in
https://addons.mozilla.org/en-US/firefox/addon/220 and
http://flashgot.net, correct?

There's also FlashGet (http://www.flashget.com), which is something
completely different. The two get confused a lot, so just
double-checking before I start poking some folks about your report.



Just to make sure we have the same terminology, as a friend of mine 
disagrees:
1. It adds content to web pages I visit (so far just Google) by 
suggesting tweaked searches, possibly (unconfirmed) by sending data 
about my searches, which would make it spyware.
2. When I click these suggested better searches for what I was looking, 
it sends me off to a different search engine, which I define as adware.

But none of which may be bad under your AUP.

The reason I feel decieved is that I have used flashgot for a long time 
now, and while true i didn't read the change log, neither do many others.

I have FlashGot, but it is a guess as to whether it is real or somehow I 
got a fake one. I got an update for it yesterday by automatic FireFox 
notification. So as far as I know I got it officially, but maybe the web 
site was hijacked or something.

        Gadi.



        Gadi.


Note that you're always welcome to notify our add-ons team directly
concerning such reports using the contact information at
https://addons.mozilla.org/en-US/developers/docs/policies/contact, or
if you want to contact the Mozilla Security Group specifically, you can
e-mail security () mozilla org. We definitely want to do everything in our
power to ensure our users are kept secure and their privacy protected.

~reed
Mozilla Security Group




_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



-- 
Gadi Evron,
ge () linuxbox org.

Blog: http://gevron.livejournal.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: