Adblock Plus and (a little) more
Vulnerability? Fixed! · 2019-04-20 10:22 by Laura Dornheim
As we described in our last post, a potential vulnerability through the filter list option “rewrite”.
There never was an actual threat to any of our users.
But of course we want to ensure that there never will be one. This is why last night, we released a new version of Adblock Plus that prevents any abuse of this filterlist option.
So you can consider this fixed and continue your search for Easter eggs in peace!
You can download this updated version directly through your browsers add-on store or of course at adblockplus.org
Comment [6]
Commenting is closed for this article.
anna · 2019-04-23 12:13 · #
Hi,
so the bug is fixed, the rewrite option to rewrite to internal resources is not vulnerable to attack?
Reply from Hubert Figuière:
The issue doesn’t apply to the rewrite to internal resources.
med · 2019-04-24 03:37 · #
@anna The $rewrite filter option is safe.
@Laura Please update the help page.
Reply from Hubert Figuière:
The help page has been updated.
ShilohL · 2019-05-05 14:21 · #
Nope. Still notified it won’t download to my Mac, says it’s corrupt
Reply from Hubert Figuière:
This is unfortunate timing. There was an issue on Mozilla own add-on infrastructure that has since been resolved. Everything should be normal.
Thank you for your patience.
Darcy · 2019-05-05 18:00 · #
Afraid not. I’ve clicked it three times now and always get “the add on downloaded from this site could not be installed because it appears to be corrupt.”
Reply from Hubert Figuière:
This is unfortunate timing. There was an issue on Mozilla own add-on infrastructure that has since been resolved. Everything should be normal.
Thank you for your patience.
tim · 2019-05-06 05:56 · #
“a potential vulnerability “?
Is AdblockPlus still phonehome?
For years i was using ABP for blocking adds. All automatic updates, in menu and about:config, switched off. But in about:networking i was see
ing ABP still connecting home.
rozita · 2019-05-18 16:33 · #
i use pop-up in my site: https://www.rosemusics.com/ and all income come from ads how deal with your apk?