Closed
Bug 326860
(winalinmacpop)
Opened 19 years ago
Closed 19 years ago
simply selecting text on page popup and install winfixer spyware - sessionsaver extension will be patch the problem by always open new windows when starting browser
Categories
(Firefox :: Security, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 313337
People
(Reporter: mikexilva, Unassigned)
References
()
Details
Attachments
(1 file)
6.96 KB,
text/plain
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 I think this site exploit a a security problem in Firefox 1.5.0.1 as well as latest Firefox nightly build "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060211 Firefox/1.6a1" I tested this on Slackware 10.2, and also created a new system user with a clean profile (empty home dir) for testing the nightly build of FF. The following URL: http://macdailynews.com/index.php/weblog/comments/8561/ First time page loads looks fine, but when I simply select some text a popup "Winfixer" apears (URL= http://media.fastclick.net/w/... and the new window URL=http://bfc.myway.com/smileypromos/screensavers/ss_opt_pop3.html?partner=ZRxdm080 ). (it shouldn't) and if sessionsaver extension is instaled everytime Firefox starts it also open windows from winfixer. Never seen anything like this in my Linux Firefox. Reproducible: Always Steps to Reproduce: 1. Open URL http://macdailynews.com/index.php/weblog/comments/8561/ 2. With the mouse, just select some normal text on page 3. Popup apears Actual Results: Unwanted popup and maybe instaled spyware. If used with the sessionsaver extension problem gets biger. Expected Results: Shouldn't popup that window, and even when closing it reopens another one. I think the poped-up window uses flash to make other things, because when I used a clean new user profile the poped-up window shoed I needed an adition plugin and when I said to search for that plugin it said it was flash. I found the problematic URL because it was in first place when searching for "linux" in news.google.com
Reporter | ||
Comment 1•19 years ago
|
||
Just made another test using a clean user account: rm -fr .mozila/ (this should have cleand the profile settings) cd firefox (location of decompresed FF binary nighly build 20060211) from the comand line opened FF, it opens the normal start-page and close FF cp -rv .mozilla .mozilo (backup profile) open again FF and then I enter the trouble page URL and it loads ok select some text the bad Popup window apears back to comand line and kill FF (using Ctrl+C) Using kdiff3 I found the following changed files: some files in Cache/ (normal grow I guess) XUL.mfasl (from 734501bytes to 802055bytes) hystory.dat (from 943bytes to 3328bytes) localstore.rdf (from 1026bytes to 3964bytes) I think you'll have no problems geting this same result, but if you need I have these files. PS: thinking of a name of this bug: Funny a Linux user reading a Mac site and gets a winfixer popup :) maybe winalinmacpop
Alias: winalinmacpop
Version: unspecified → 1.5 Branch
Comment 2•19 years ago
|
||
(In reply to comment #1) > Using kdiff3 I found the following changed files: > some files in Cache/ (normal grow I guess) > XUL.mfasl (from 734501bytes to 802055bytes) > hystory.dat (from 943bytes to 3328bytes) > localstore.rdf (from 1026bytes to 3964bytes) Those are normal browsing files. XUL.mfasl is the XUL cache, and localstore.rdf holds browser state like window positions. They probably wouldn't have changed in a well-used profile, but because you started fresh they're just getting set. History is your browsing history, of course -- that always changes as you surf.
Comment 3•19 years ago
|
||
This is the content of one of the files loaded from fastclick, slightly reformatted for readability (their version was a 5500 character-long single line). I've decoded the scrambled strings and they're mostly IE object things. If you look at function fV7 you'll see it set a body.onclick handler, which is the one that gets us.
Comment 4•19 years ago
|
||
*** This bug has been marked as a duplicate of 313337 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•