285433 - JAVA may be dangerous

Status: RESOLVED INVALID

(Firefox :: Settings UI, defect)

Description

[Oliver Saier]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050307 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050307 Firefox/1.0+

I was feeling I'd fill up a new bug, although Bug 1785 and Bug 126568 are rather
similar.
Last night, I clicked a thumbnail in images.google.com, and as a result I got a
trojan!
http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html

This has apparently little to do with Firefox or Mozilla, but 1) I was running
the latest version of Java (5.1), which I got from UMO, and 2)JAVA is enabled by
default in Firefox prefs.
I therefore reckon something should be done to prevent JAVA from being triggered
like that. Perhaps it should just be disabled by default, or managed like popups
are.

Reproducible: Didn't try

Comment 1

[Oliver Saier]

Attachment: Norton Antivirus activity log

Comment 2

[Matthias Versen [:Matti]]

http://secunia.com/virus_information/8569/byteveri-g/ ->

"Trojan.ByteVerify is a Trojan Horse that exploits the vulnerability described
in Microsoft Security Bulletin MS03-011 and could provide a hacker the ability
to run arbitrary code on an infected system." ->

http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx ->
"Flaw in Microsoft VM Could Enable System Compromise"

Note Microsoft JVM (used by IE) and not SUN JVM.

The trojan doesn't do anything in the SUN JRE (they are only stored in the JRE
cache)

-> invalid

Comment 3

[Oliver Saier]

So if I understand correctly, the trojan is only cached, because its execution
would require IE + a vulnerable version of MS JVM?
Thanks for the prompt reply!

Comment 4

[Mike Connor [:mconnor]]

sorry for bugspam, long-overdue mass reassign of ancient QA contact bugs,
filter on "beltznerLovesGoats" to get rid of this mass change