Closed Bug 530452 Opened 15 years ago Closed 15 years ago

Visiting this page gave me a rootkit

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: nitr0, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 When I visit link http://www.radio-portal.ru/index.php?name=EZCMS&menu=11367&page_id=1814, I saw a warning about execution of unsigned code. I press "No", but after that I saw in system rootkit. Malware code are in iframe in the end of HTML, and uses 'referrer' field to make learning of it harder. Reproducible: Always Steps to Reproduce: 1. Open http://www.radio-portal.ru/index.php?name=EZCMS&menu=11367&page_id=1814 2. Scan system for malware/rootkits Actual Results: Infected system
The warning about unsigned code execution came from web content, not from Firefox. This is just a report of a malware site, not a bug in Firefox. It should probably be RESOLVED INVALID but I'll wait for someone else to concur.
Summary: Security branch (unwanted code execution) → Visiting this page gave me a rootkit
Blocks: malware-attacks
I visited the URL specified in my Windows VM and saw no such warning. There's not much we can do with this report, I'm afraid.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.