...never saw that coming. ffs
A feature introduced last year in Adblock Plus and a few other related content blocking browser extensions allows providers of filtering lists, under certain conditions, to execute arbitrary code on web pages. Adblock Plus v3.2 for Chrome, Firefox and Opera, released in July 2018, includes support for the $rewrite filter …
Yeah, until the maintainer gets an actual job and family that take time, and somebody else steps up to take over maintenance. Remember, it happened to respectable npm modules and WP plugins, too, there is zero reason to believe it wouldn't happen to filter list maintainers.
(And FWIW, isn't it "works as advertised"? You allow an add-on to frobnicate the source code of any and all web pages you visit, of course it can do pretty much anything with that and use covert channels to exfiltrate data.)
As per the article (second paragraph, you wouldn't even need to read half of it):
"Adblock Plus v3.2 for Chrome, Firefox and Opera, released in July 2018, includes support for the $rewrite filter option, which can alter filter rules governing whether or not content gets blocked."
So Firefox is affected, IE not so (no support for the $rewrite function?)
"So Firefox is affected, IE not so (no support for the $rewrite function?)"
Well good news is the new chredge (Edge branded chromium+ms services) will support Chrome extensions, so we'll have the benefit of potentially nasty plugin flaws with Microsoft OS integration to boot... Yey! :)
Wonder if Ghostery suffers from similar issues... Anybody know?
Biting the hand that feeds IT © 1998–2020