Closed Bug 318047 Opened 19 years ago Closed 19 years ago

When using Firefox to browse I get Java trojans or worms.


(Firefox :: Security, defect)

Windows XP
Not set





(Reporter: ram100352, Unassigned)


User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

I know this was an issue in Microsoft and I have downloaded the patch from them months ago but continue to get these when browsing with Firefox. Is there a security update to get rid of these? Will just cleaning my cache delete these? And lastly is there a fix to stop this BEFORE they infect your computer. The bugs are listed here.

Java.ByteVerify!Exploit trojan 
Java.Shinwow.AT trojan
Java.Shinwow.AW trojan    

Reproducible: Always
They are exploits meant for Microsoft Virtual Machine (if not updated).
They don't work in Sun Java.
Firefox doesn't use Microsoft Virtual Machine.
see bug 288025 comment 1, this is not really a FF issue

*** This bug has been marked as a duplicate of 271559 ***
Closed: 19 years ago
Resolution: --- → DUPLICATE
You are safe from these when using Firefox (or a patched IE), yet you will continue to get these warnings from your anti-virus unless you turn off Java entirely. In order to run Java the bytecode is downloaded to your computer. Before it's downloaded there is no way to distinguish well-intentioned Java code from malware -- you either trust that your version of Java is secure or not. Once downloaded the anti-virus detects the presence of the malware embedded in the Java bytecode and warns you about it. The anti-virus doesn't know whether you're immune or not, it just knows its found something that matches its signatures. The same is true for other kinds of malware that target browsers--images, music or video files, acrobat files, javascript, even plain HTML--bad code can only be detected after it has been downloaded. (We'll ignore for the moment institutions that have malware detectors at the perimeter of the  local intranet. If that applied you wouldn't be getting these warnings.)

When you get these anti-virus warnings follow the links and see if you're vulnerable, and if so what steps to take to clean up. If you are not vulnerable make note of the site as one that hosts malware and avoid it in the future. If these sites are hosting old known vulnerabilities they will probably also host new undetected exploits given the chance.

I don't think this is a reasonable dupe of bug 271559. There's no evidence ram is running an outdated version of anything, and even fully up to date folks will continue to get the warnings simply because the content continues to exist on web pages. But I don't see anything a web browser can do to prevent that.
You need to log in before you can comment on or make changes to this bug.