Copy of addon: violation of license and insertion of malicious code: what can I do?

ysard · January 9, 2018, 5:06pm

Hello,

I am the developer behind the addon referenced on this page:
https://addons.mozilla.org/fr/firefox/addon/cookie-quick-manager/

This addon is in development and is hosted on this GitHub page under GPL v3+ license:

Since a few days a copy appeared on AMO:
https://addons.mozilla.org/fr/firefox/addon/cookie-manager-pro/

The resemblance is obvious and the license is clearly not respected.
If the modifications were only a change of appearance, I could have have stopped there, but I decided to compare the codes. Apart from the removal of the French translations, I see this in the diff concerning the file ‘manifest.json’:

+ content_scripts": [
+    {
+      "matches": ["*://*/*"],
+      "js": ["background.js"]
+    }
+  ],

Command used:
diff -ru my_code/ its_code/ > diff. txt
Command to download this addon:
wget https://addons.mozilla.org/firefox/downloads/file/832938/cookies_manager_pro-1.0-an+fx.xpi

The file ‘background.js’ contains minified and obviously malicious code, which is not mine and inherits the permissions of my addon to access the content of all the pages visited by users.

What to do about this problem?
Thanks for reading me!

erosman · January 9, 2018, 5:15pm

I am going to check it.
Add-on Reviewers can handle checking for malicious code… but AFA copyright, @jorgev should be able to advise you better.

jorgev · January 9, 2018, 6:30pm

For copyright or trademark violations, you need to follow the process described here:

https://www.mozilla.org/en-US/about/legal/report-abuse/

ysard · January 9, 2018, 8:10pm

Thank you both very much.

The addon in question seems to rewrite some urls of merchant sites by replacing them with affiliate urls.
The templates used are hosted here:
https://www.jasonbase.com/things/nBbV.json