Closed
Bug 445455
Opened 16 years ago
Closed 16 years ago
The new "Reported Attack Site" fails to stop infection
Categories
(Firefox :: Security, defect)
RESOLVED
DUPLICATE
of bug 438831
People
(Reporter: eurolite, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0

The new "Reported Attack Site" feature in Firefox 3.0 will block the site and not stop the infection at all.

Reproducible: Always

Steps to Reproduce:
1. MAKE SURE you're running anti-virus software
2. Go to www.keygen.us
3. Watch your anti-virus software go psycho

Actual Results:
The attached photo explains it all but it triggered my anti-virus software

Expected Results:
Completely blocked the site not triggering any virus alerts or potentially infecting the user.

I checked to keep this confidential due to the malicious content contained in this report. If a user tried to replicate this security failure it is possible they may become infected with malicious software. I personally consider this a major issue due to the fact a user may get a false sense of security from the notice of the site being blocked.

I am sorry but I cannot report technical data on what exploit is triggering this alarm due to the fact that viewing the source of the blocked page only opens the view-source window with another notice saying it is a "Reported attack site" and the ignore this warning feature fails to work (Inside the newly opened window)(Which I am guessing is another bug all together).
Comment 1•16 years ago
The site mentioned is blocked for me as intended. I suspect that the antivirus is using a similar list, and is responding to bug 438831. LiveHTTPHeaders confirms no other traffic.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Updated•16 years ago
Group: core-security
Comment 2•16 years ago
(In reply to comment #0)
> (...)
> on what exploit is triggering this alarm due to the fact that viewing the
> source of the blocked page only opens the view-source window with another
> notice saying it is a "Reported attack site" and the ignore this warning
> feature fails to work (Inside the newly opened window)(Which I am guessing is
> another bug all together).

Your guess is right - see bug 435726 (it has "phishing protection" in the title, but underlying mechanisms for phishing and malware "protection" are actually the same).