Closed
Bug 226622
Opened 21 years ago
Closed 21 years ago
javascript malware on website hangs browser intentionally
Categories
(SeaMonkey :: General, defect)
Tracking
(Not tracked)
People
(Reporter: steevo, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5b) Gecko/20030808 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5b) Gecko/20030808 Browsed to spammed site. Site contains popup: "this site requires a 4.0 browser". No matter what, that locked the browser. Clicking OK caused the script to run again, modal window appeared again. There was no time to kill javascript in Mozilla, before the box would pop up again, and nothing could be done with the browser from that point on except end task with task manager. This site likely requires IE so the site operator can open windows with no controls. Which is why I use Mozilla for spam analysis. But he stopped me. Script on site is malware. Intended to take control of the browser (IE). But it pretty much killed Mozilla. Reproducible: Always Steps to Reproduce: 1. Browse to http://200.206.191.202/COO/index.html 2. Browser is then disabled by malware script on site. 3. Actual Results: Browser was locked up, had to be quit with task manager. Expected Results: Not allowed script to repeat? Script control should always be accessable even though there is a modal window place there by script. Hmm.
You can press ESC before the dialog comes up. (Or just press ESC twice in a row if the dialog is open) Invalid?
*** This bug has been marked as a duplicate of 13350 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
I agree about the dupe of 13350. I searched for that, got zarro. Oh well.
Comment 5•21 years ago
|
||
I used view-source:http://200.206.191.202/COO/index.html to have a look at the code. I get one long line, put in some breaks to show the start of it here: <html><head><title>::</title><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta http-equiv='expires' content=''> <script>var vm66=6743;CQPaeh='OBSKrOawObqEOjOMjJIgSfWO';ym='<tl<ed<citus=Ti aede o upr orbosr rwe eso . rhge srqie!; ... cut some, and then the end of the file: ... eval(unescape(haur));sfb91='OnMxJdOFHkIOWLnxxwDOdlUcbswBqTdOKprPotKGmCOO';</script></head></html> It seems to me the file consists of some strings ending with a semicolon; and haure= somestring; is one of them. I assume unescaped it will form another (eval(Unescape()) function, and so on. If you really want to decode, copy the view-source:http:// link into the location bar, use File:Save as to save it, and maybe you can decode it using the javascript debugger.
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•