Crash if I opended the site (Virus that attacks the browser: Kaspersky: Exploit.HTML.DialogArg)

RESOLVED INCOMPLETE

Status

Plugins Graveyard
Kaspersky AV
--
critical
RESOLVED INCOMPLETE
12 years ago
2 years ago

People

(Reporter: Patrick, Unassigned)

Tracking

({crash})

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4

If i opended the site, the browser crashs, a virus-alert appears, and some mail-windows appears

Reproducible: Always

Steps to Reproduce:
1. Simply open the Website
2.
3.

Actual Results:  
If i opended the site, the browser crashs, a virus-alert appears, and some mail-windows appears

Expected Results:  
only showing the site
The Kaspersky detection is irrelevant, that's just a detection of an IE-only exploit attempt found on the page as its being processed (although it does tell you right off the bat that you're dealing with malicious folks -- and there's no way to know whether there's an -un-detected Firefox exploit).

The crash is probably due to the DOS-attack, an infinite number of attempts to launch your mailreader until your machine runs out of resources and dies (as in bug 181860)

Anyone find anything else there?
Group: security
Depends on: 181860

Comment 2

12 years ago
Created attachment 224505 [details]
getclip.html

I did crash in bone cho when running their code that attempts to steal the clipboard contents but not in trunk and it wasn't 100% reproducible. I didn't load the content (some swf etc) that might be nasty but AVG didn't see anything in them.

Updated

11 years ago
Keywords: crash
Version: unspecified → 1.5.0.x Branch

Comment 3

9 years ago
reporter, Do you still see this problem. If you do not, please close the bug with resolution WORKSFORME, INVALID, etc as may be appropriate to your situation (but not FIXED unless you know the bug with the patch). 

If you still see problem using a current version of Firefox or trunk build, please provide additional detail.
Whiteboard: closeme 2008-12-10
@Reporter, we have not heard back from you in a while, so I am closing this bug as INCOMPLETE. You can reopen this bug if more information becomes available. Some helpful information you can provide us is found at http://quality.mozilla.org/bug-writing-guidelines.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → INCOMPLETE
Whiteboard: closeme 2008-12-10

Comment 5

7 years ago
We're now tracking such bugs. This doesn't mean it's something we can fix, merely something we hope to be able to point vendors to so they can investigate. This is an automated message.
Component: Security → Kaspersky AV
Product: Firefox → Plugins
QA Contact: firefox → kaspersky-antivirus
Version: 1.5.0.x Branch → unspecified
(Assignee)

Updated

2 years ago
Product: Plugins → Plugins Graveyard
You need to log in before you can comment on or make changes to this bug.