Closed Bug 303716 Opened 19 years ago Closed 19 years ago

Website Downloads Malware Software

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: badbois4l, Unassigned)

References

(
URL
)

Details

(Whiteboard: [sg:needinfo]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6

If you go to this website http://www.thekeys.ws/?look=clonecd+5.2.6.1&type=serials
Then website will download malicious software onto your computer. I though
Firefox blocks software from installing. Could this be a website exploiting a
Firefox vulnerbility that not yet been discovered.

Reproducible: Always

Steps to Reproduce:
1. Go here http://www.thekeys.ws/?look=clonecd+5.2.6.1&type=serials
2. Watch the software to install
3. Popup window comes up asking for installing confirmation
4. donwloaded software produced a firewall window asking for internet access
confromation
5. file is detected by kaspersky antivirus as trojan.isbar virus or variant

Actual Results:  
Malware is downloaded on the computer

Expected Results:  
Firefox should have blocked this
Out of curiosity, I just went to that site in Safari.  I think the problem you're seeing is a malicious Java 
applet that asks your permission to run (step 3 in your "steps to reproduce" section).  When you do grant it 
more permission, bad things start to happen.
(In reply to comment #1)
> Out of curiosity, I just went to that site in Safari.  I think the problem
you're seeing is a malicious Java 
> applet that asks your permission to run (step 3 in your "steps to reproduce"
section).  When you do grant it 
> more permission, bad things start to happen.

Your right it might be. The problem is still there though.

When i go to that website, the file is automatically downloaded on my computer
even before the confromation windows pops up, i get a firewall warning before
the window comes up. Actually its possibly it could not be java because usually
a java icon appears in my taskbar when java websites are present but I might be
wrong
Whiteboard: [sg:needinfo]
When I visit the site Java starts running. It is allowed to run if the applet
runs in its sandbox. This is save. If an applet is not save Java will ask for
permission to you. This is a very visible warning/request.
The downloaded applet contains the signature of Java/Openstream.W. As far as I
know this is an exploit, meant for a leak in Microsoft Java Virtual Machine.
Firefox does not use Microsoft Virtual Machine. But the signature is present,
and good antivirus software will detect it, although AFAIK it can't do any harm.
This has nothing to do with the Firefox security. Java is a plugin and an
independant program, that is allowed to run in Firefox.
Marking bug as Invalid
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.