Closed Bug 517790 Opened 16 years ago Closed 16 years ago

Memory leak allowing website to download and execute VBScript

Categories

(Firefox :: Security, defect)

x86
Windows XP
defect
Not set
critical

Tracking

RESOLVED INCOMPLETE

People

(Reporter: bsns.acc, Unassigned)

Details

(Whiteboard: [sg:needinfo])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)

Early last night, I was browsing for the lyrics of a song (which happened to be the first time since I've reinstalled). Upon reaching the URL provided for the demonstration, Firefox jumped up to ~600mb before I closed it. I tested this 3 times, to make sure it wasn't just Firefox misbehaving; however, the exact same thing happened each time. Today, I cannot seem to recreate the incident; however, a friend of mine who visited the link says she had a vb script pop up to try and install. During the memory leak, several trojans were downloaded and installed (without any notice obviously); only this morning I found out that my computer was behaving abnormally. The memory leak allowed for the vbscript (or trojan) to be downloaded and executed on my computer.

The 2nd possible link which seems to cause a spike in memory/cpu use is http://www.metrolyrics.com/kung-fu-fighting-lyrics-carl-douglas.html

Reproducible: Sometimes

Steps to Reproduce:
1. Go onto website
2.
3.

Actual Results: Nothing out of the ordinary (except increased cpu/memory load for the second website - might be due to flash)

Expected Results: Virus/Trojan Download/Memory leak

Additionally, a website popped up (the fake A/V) which requires you to cancel or press Ok in order to leave the website. (Advertisement)

VBScript won't run in Firefox, but if an infection was able to run locally it could launch VBScript on the local machine (unless you're using the "IETab" addon, which means you're really running IE that just happens to look like Firefox). What version of plugins do you have installed? I don't see malicious scripts on that page, but there are some rotating ads and Flash content. From the Tools menu open the Add-ons dialog and click the Plugin tab.
Whiteboard: [sg:needinfo]
I did not have IETab, nor am I 100% sure if it was even a VBScript (that's what my friend got when she visited the site). I had the standard plugins (Flash, Adobe Reader, Java), all up to date. It most likely might have been an advertisement; during the 2nd visit to that website (out of the 3 times I tried), I had a fake "antivirus" HTML-based web page pop up, which of course I canceled/closed. The trojan I got was quite advanced; it took me hours to get rid of it, and after I finally did, it left quite a few system files infected/corrupted, such that I couldn't do anything in Windows. It also placed itself in the Firefox folder (or at least edited something), causing Firefox's homepage / toolbar search to redirect to a custom search site. (Also did the same for IE, only it took over Google entirely.) After I removed the trojan, the search on Firefox was broken and wouldn't work. Trying to go to Google with IE would give a DNS error. I reinstalled Windows now, and will be trying to reproduce the bug.
Looks like the trail has gone cold on this one.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → INCOMPLETE