If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

firefoxsetup-0.9.2.exe possibly compromised, firefox installation caught listening to ports

VERIFIED INVALID

Status

()

Firefox
Installer
--
blocker
VERIFIED INVALID
13 years ago
12 years ago

People

(Reporter: wbb2nd, Assigned: Ben Goodger (use ben at mozilla dot org for email))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

13 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Build Identifier: firefoxsetup-0.9.2.exe

The Firefox installation generated by file firefoxsetup-0.9.2.exe has been 
caught listening to ports 2011, 2021, 2025, and 2030 (as reported by ZoneAlarm 
Pro) the port listened to increments each time the browser is started.  At 
first I one of the add ons might have caused it.  I isolated the test system 
from the network, formatted the system partition, did a virgin install of 
window 2k pro and ran firefoxsetup-0.9.2.exe and found it listening to ports.

Reproducible: Always
Steps to Reproduce:
1.have software installed that can detect port listening
2.run the firefoxsetup-0.9.2.exe
3.run firefox

Actual Results:  
firefox is shown to be listening to port 2011 on first run, terminate firefox 
and upon restart listening to 2021, terminate/restart 2025, and 
terminate/restart 2030. I assume it will keep increasing the port number on 
each restart.   

Expected Results:  
Not be listening to ports!

NOTE THAT THUNDERBIRD-0.7.2.EXE INSTALLATION OF THUNDERBIRD WAS ALSO LISTENING 
TO PORTS (However, I did not check it on a clean install)

I would suspect the installer as multiple packages are involved.
(Reporter)

Comment 1

13 years ago
I forgot to mention that I pulled a fresh copy of Firefoxsetup-0.9.2.exe from 
the Mozilla site with the 'clean' system and FC /B showed it to be identical to 
to copy I was using. 

Also all patches from Microsoft for Windows 2k pro were applied.

My systems are connected to the internet via a Netgear RP614.  Norton (with the 
latest virus defs) shows no viruses present. 
Mozilla products establish a pair of ports listening to each other for
interprocess communication, is this what you're seeing? if you do a "netstat"
from a command prompt window what is the foreign address? If it's localhost then
this is what you're seeing and it's OK.

If it's something else please reopen the bug.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → INVALID
Removing confidential flag from bugs resolved INVALID
Group: security

Updated

12 years ago
Status: RESOLVED → VERIFIED
QA Contact: bugzilla → installer
You need to log in before you can comment on or make changes to this bug.