Closed Bug 330536 Opened 19 years ago Closed 14 years ago

Unsolicited Hijack of default homepage

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: ls, Unassigned)

References

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1 A security flaw appears to allow hijacking of the default homepage. First noticed since upgrade to 1.5 Browser occassionally opens to alternate location than that set for the default web page. Such as http://www.vh1.com/ Can't see any processes or nasties that might be causing this, but if it is possible to hijack firefox without user acceptance then it ought be stopped. I'm suspecting that this may relate to some sub clause of the Firefox eula I clicked OK to with realising the full implications?? Reproducible: Sometimes
*** Bug 330537 has been marked as a duplicate of this bug. ***
Lewis, nothing I know of in Firefox would have set your homepage to vh1. It is difficult to diagnose since your report is quite vague with details, but if you can answer some questions it might help us diagnose the situation. 1) have you run a system scan using MS' antispyware tool and ad-aware ? Did you find any unauthorised software installed? 2) do you have an up to date virus scanner and have you run it lately? You can get a free avg scanner from http://grisoft.com/ What are the results? 3) what plugins and versions do you have installed? you can find the information by typing about:config in the url bar. I ask this since there are many vulnerabilities in older versions of flash, quicktime, java etc that are used by bad people. If you don't have the most current versions (for example, flash issued a security update _yesterday_), please update your plugins. 4) what extensions do you have installed? You can find this information under the Tools->Extensions menu.
err, need more coffee. I meant about:plugins to find info on plugins.
There is no clause in the EULA that let's us do this, and we wouldn't. Without more detail this bug isn't likely to lead anywhere useful. I recommend using one of the user support groups (web forums, newsgroups, or IRC chat) to get help diagnosing the true cause. http://www.mozilla.org/support/. And run the adware scan Bob suggested
Thanks for the quick responses. Nice to hear that this is not a planned revenue raising feature. I have anti spyware and anti-virus in place. The issue has occurred only twice, since an upgrade to 1.5 and 1.501 since the time of first release. I'll attempt to complete a full scan using some additional anti-spyware and see if I can glean some more usefull info. Lewis
The plugin info can be viewed at ftp://ftp.fasttrack.net.au/AboutPlug-ins.pdf Microsoft malware "aka windows defender" found nothing nor did adaware nor the ESET NOD32 system... Looks like a bit of a tough one, please let me know if I can help any further.
Resolving unconfirmed bugs older than a year with no activity as INCOMPLETE. Please reopen or file a new bug if you can still reproduce the bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.