Firefox vulnerable to XP Antivirus 2009 & Variants

RESOLVED INCOMPLETE

Status

()

Firefox
Security
--
major
RESOLVED INCOMPLETE
9 years ago
7 years ago

People

(Reporter: Tim Smith, Unassigned)

Tracking

3.0 Branch
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [CLOSEME 2011-2-15], URL)

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6

OS: XP Pro SP3.  Anti virus: McAfee Enterprise 8.5.0i (scan engine 5300.2777, Dat Version 5533.0000 02-22-09)  When accessing the URL listed above using Firefox 3.0.6. a Script execution attempts to install a variant of XP Anti virus 2008.  Script execution is blocked by McAfee when the URL listed above is accessed using Microsoft Internet Explorer 7.

Reproducible: Always

Steps to Reproduce:
1.  Google search "Candace Smith Survivor)
2.  Click on link for http://www.freewebs.com/uyynews/candace-smith-survivor.html
3.  Pop up displays misleading information about virus infection prompting user for action which causes Mal ware to be installed.
Actual Results:  
Mal ware will be installed on target PC.  See the following for further details: 
http://en.wikipedia.org/wiki/MS_Antivirus

Expected Results:  
I would expect the security software to protect the browsing experience regardless of which browser I use. 

This is the first time I have experienced IE 7 providing better security / integration than Firefox.  I prefer Firefox and use it exclusively with exceptions only where required.  XP Anti Virus 2009 and it variants have caused others at my company considerable down time and I am surprised that Firefox is vulnerable.  If this is a McAfee problem then I apologize for this post.
The URL in comment#3 doesn't cause any popups.

You mean that Firefox is vulnerable, does that mean that the malware installs on that page without that the user gets a prompt from Firefox ?

Updated

9 years ago
Version: unspecified → 3.0 Branch
Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode or a fresh profile? If not, please close. These links can help you in your testing.
http://support.mozilla.com/kb/Safe+Mode
http://support.mozilla.com/kb/Managing+profiles
Whiteboard: [CLOSEME 2011-2-15]
No reply from reporter, INCOMPLETE. Please retest with Firefox 4 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.