Closed Bug 554579 Opened 10 years ago Closed 9 years ago

after visiting this page rootkit has been installed on system


(Firefox :: General, defect, critical)

3.6 Branch
Windows XP
Not set





(Reporter: knc.svk, Unassigned)


(Blocks 1 open bug, )


User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; sk; rv: Gecko/20100316 Firefox/3.6.2 (.NET CLR 3.5.30729)
Build Identifier: Mozilla Firefox 3.5.8, Windows; U; Windows NT 5.1; sk;(.NET CLR 3.5.30729)

on that page is hidden iframe which is possible to install rootkit

Reproducible: Always

Steps to Reproduce:
1. visit with Firefox 3.5.8
2. with firebug plugin you can see iframe at the bottom(it's dynamically generated so view-source NOT work)

Actual Results:  
Rootkit has been istalled on my system

Mozilla Firefox 3.5.8 should be forced to update to 3.6
Hi ^knc,

Thanks for reporting.  We could use additional help in tracking this down.

Were you able to capture the code from the iframe that did the installation?  I'm having trouble reproducing this now.  It might be because the site rotates content.

Does the site seem to be taking advantage of some flaw in Firefox, or a vulnerable plugin or other weakness.

What rootkit was installed, and what anti-virus or other package detected the rootkit?

Is the problem not seen with 3.6, or is 3.6 immune to the problem?

One possibilty is to also submit this to and have the site blocked by Firefox safebrowsing feature.  I don't see any reports submitted on this site there yet.   To get blocking to happen we will need to to isolate the the bad code being served.
Group: core-security
Version: unspecified → 3.6 Branch
Reporter -> Are you still experiencing this issue? Do you have any additional info to provide? Can you address the questions from comment 1?
Closing bug as Incomplete - if you are still experiencing this issue or have more information to provide feel free to post back here and we can re-open the bug. You can also get assistance by visiting the Firefox help site ->
Closed: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.