Closed
Bug 449878
Opened 16 years ago
Closed 13 years ago
Malicious site exploits offline mode to force users to download fake antivirus tool
Categories
(Firefox :: Security, defect)
VERIFIED
INVALID
People
(Reporter: carlp-mozilla, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

Firefox offline mode should not be adjustable by JavaScript on a web page. Right now lots of people are downloading from MALICIOUS SITE http://scan.powerantivirus2009.com/?aff=1539 described at http://www.2-spyware.com/remove-powerantivirus2009.html and the reason they think they "need" to download the bogus software is that their browser "stops working" because it is in Offline mode. Very sneaky, and the browser should not have allowed itself to be put in offline mode.

Reproducible: Always

Steps to Reproduce:
1. Go to malicious site above.
2. Verify that browser is in offline mode.
3.

Actual Results: offline mode

Expected Results: Message "do you really want to go to offline mode" or "malicious website detected."
Comment 1•16 years ago
It doesn't switch my Firefox 3.01 in Offline mode. If you are in the offline mode, how would you be able to download software? I see only JavaScript Alert with "your system is slower than usual....."
Component: Phishing Protection → Security
QA Contact: phishing.protection → firefox
Comment 2•16 years ago
I sent a note to Google about this page. I hope they will include it in their safebrowsing/phishing database and Firefox, as a user of this database, will block it.
Clarification: The browser went in "Offline Mode" just after the trojan payload file download had been completed and Firefox was asking (in my case) where to save it. Clearly it would not make much sense to make the browser offline BEFORE downloading the trojan.

The browser also disappointed me by naming the file incorrectly IMO. In the form I directed that it be named "whatever.exe.off" instead of "whatever.exe" to guard against accidental execution. But the browser redid the hazardous choice, saving the file as "whatever.exe.off.exe".

We must be very careful not to save files as executables when the user doesn't expect it! Dropping executables in the wrong directory can get them to be run automatically, soon or at reboot. Never add an executable suffix without the user's knowledge! I assume the MIME type was used to add the "correct" suffix, contradicting the suffix I chose.
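The double-extension outcome described in the comment above, as an added example that is not part of the original bug report and is not Firefox code: it contrasts the behaviour the reporter assumes (append the MIME type's extension to whatever name was typed) with a policy that treats a user-typed extension as final. The MIME table, the extension list and all function names are hypothetical.

```javascript
// Added illustration; hypothetical names, not Firefox internals.
const MIME_EXT = {
  "application/x-msdownload": "exe",
  "application/pdf": "pdf",
  "text/html": "html",
};

// Extensions Windows runs on open (constructed, partial list).
const EXECUTABLE_EXT = new Set(["exe", "com", "scr", "bat", "cmd", "msi", "pif"]);

// Last extension of a file name, lower-cased; "" when there is none.
function extensionOf(name) {
  const i = name.lastIndexOf(".");
  return i > 0 ? name.slice(i + 1).toLowerCase() : "";
}

// Behaviour the reporter assumes: the MIME type's extension is appended
// whenever the chosen name does not already end with it.
function naiveSaveName(chosen, mimeType) {
  const ext = MIME_EXT[mimeType];
  if (ext && extensionOf(chosen) !== ext) return `${chosen}.${ext}`;
  return chosen;
}

// Safer policy: a name typed with an extension is kept as typed. Only
// extension-less names are completed, and an executable extension is
// proposed for confirmation instead of being added silently.
function safeSaveName(chosen, mimeType) {
  const ext = MIME_EXT[mimeType];
  if (extensionOf(chosen) !== "" || !ext) {
    return { name: chosen, needsConfirmation: false };
  }
  if (EXECUTABLE_EXT.has(ext)) {
    return { name: chosen, needsConfirmation: true, proposed: `${chosen}.${ext}` };
  }
  return { name: `${chosen}.${ext}`, needsConfirmation: false };
}

// Constructed input matching the report: the user typed "whatever.exe.off".
console.log(naiveSaveName("whatever.exe.off", "application/x-msdownload"));
console.log(safeSaveName("whatever.exe.off", "application/x-msdownload"));
```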
Comment 4•16 years ago
carlp, can you file a separate bug report about ".exe" being added at an inappropriate time? You should be able to use https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/3.0/win32/en-US/ as a testcase.
Comment 5•15 years ago
(In reply to comment #1)
> It doesn't switch my Firefox 3.01 in Offline mode.
> If you are in the offline mode, how would you be able to download software ?
> I see only Javascript Alert with "your system is slower than usual....."

So this is INVALID?
Updated•13 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID