Closed
Bug 572095
Opened 14 years ago
Closed 14 years ago
Hidden link cause Mozilla crash (without any message) and arbitrary code execution is permitted (a variant of Win32/Kryptik.BNO trojan tried to install it self from http://alodh.in/v2/out/grab.exe , name of .exe file changes)
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: mrenato, Unassigned)
References
(Blocks 1 open bug, )
Details
Attachments
(2 files, 1 obsolete file)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 ( .NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 ( .NET CLR 3.5.30729)
A java window appears for a couple of seconds and then Mozilla crashes. My AV Nod32 blocks the main file (see summary) but it can install and execute an .exe file in the C:\Documents and Settings\%CurrentUser%\Local Settings\Temp dir.
I got Mozilla Firefox 3.5.9.
Reproducible: Always
Steps to Reproduce:
1. Open the web site: http://www.motogp.com/en/
Actual Results:
Loading the main page, when the flash starts a small Java orange window appears and then Firefox crashes.
Comment 1•14 years ago
|
||
What version of Java do you have installed? What does http://www.mozilla.com/en-US/plugincheck/ say about whether it is up to date? Are your other pluigns such as Flash up to date as well?
Comment 3•14 years ago
|
||
sorry, but it is too much of a risk to open a pdf just to get the plugin version numbers.
Attachment #451268 -
Attachment is obsolete: true
Comment 5•14 years ago
|
||
You need to update Quicktime and Flash. The plugin check report is incorrect in stating that your Flash is up to date.
Comment 8•14 years ago
|
||
Not yet. Still investigating.
Updated•14 years ago
|
Blocks: malware-attacks
Group: core-security
Comment 9•14 years ago
|
||
You also need to get rid of Adobe Acrobat. you don't appear to be using the latest version ("9.3.2": they finally added the version string to the description so people can tell), but even that version is currently being exploited in the wild with no patch available yet (maybe in another week there will be an update).
If you can't live w/out Acrobat and can't use another PDF reader for a week then follow Adobe's advisory and delete the authplay.dll
http://www.adobe.com/support/security/advisories/apsa10-01.html
Comment 10•14 years ago
|
||
Reporter, any updates with latest plugins and Firefox version?
Comment 11•14 years ago
|
||
Closing bug as Incomplete - if you are still experiencing this issue or have more information to provide feel free to post back here and we can re-open the bug. You can also get assistance by visiting the Firefox help site -> http://support.mozilla.com/en-US/kb/Ask+a+question
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
Comment 12•14 years ago
|
||
a resolution of fixed is reserved for changes in Firefox's code which result in a fix. I assume you meant that your issue was fixed. reverting to incomplete.
Resolution: FIXED → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•