Closed
Bug 448484
Opened 16 years ago
Closed 16 years ago
Site badgers user with download dialog until user accepts malware or force-quits
Categories
(Firefox :: Security, defect)
Tracking
()
People
(Reporter: jeidsath, Unassigned)
References
()
Details
(Whiteboard: [sg:low] DUPEME)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 The above URL (http://transcend-staging-1.com/default.html) is a spam link to a site that attempts to install malware on Firefox. It is able to lock up Firefox using Javascript and is also able to force an install of Yahoo Toolbar (https://addons.mozilla.org/en-US/firefox/addon/2032) without user permission. Has anyone verified that this addon actually comes from Yahoo? Reproducible: Didn't try
Comment 1•16 years ago
|
||
The url is not working for me, I get "Access forbidden!".
Reporter | ||
Comment 2•16 years ago
|
||
Try a Google search for "Watch Free Movie - Update Every Hour!" and you will come up with a number of sites infected by this. After clicking through the links for a while, I was able to find one that was still up halfway down Google's front page. It appears that to get the Javascript loop started, you need to click the 'X' on the fake Windows window. The Javascript loop works in Linux, but the Yahoo toolbar was not installed.
Comment 3•16 years ago
|
||
> Try a Google search for "Watch Free Movie - Update Every Hour!"
On one of these sites, I get a repeated alert() followed by a download dialog. Not an insta-pwn, and pretty hard to prevent :(
Group: core-security
Summary: "Yahoo Toolbar" is Malware? → Site badgers user with download dialog until user accepts malware or force-quits
Whiteboard: [sg:low]
Comment 4•16 years ago
|
||
dupe of bugs on letting users kill modal-dialog loops?
Blocks: eviltraps
Whiteboard: [sg:low] → [sg:low] DUPEME
Updated•16 years ago
|
No longer blocks: eviltraps
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•