Closed Bug 572095 Opened 14 years ago Closed 13 years ago

Hidden link cause Mozilla crash (without any message) and arbitrary code execution is permitted (a variant of Win32/Kryptik.BNO trojan tried to install it self from http://alodh.in/v2/out/grab.exe, name of .exe file changes)

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: mrenato, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

Attachments

(2 files, 1 obsolete file)

Plugins check (text version)
1.38 KB, text/plain
Details
Plugin check updated
1.59 KB, text/plain
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 ( .NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 ( .NET CLR 3.5.30729)

A java window appears for a couple of seconds and then Mozilla crashes. My AV Nod32 blocks the main file (see summary) but it can install and execute an .exe file in the C:\Documents and Settings\%CurrentUser%\Local Settings\Temp dir.

I got Mozilla Firefox 3.5.9.

Reproducible: Always

Steps to Reproduce:
1. Open the web site: http://www.motogp.com/en/

Actual Results:  
Loading the main page, when the flash starts a small Java orange window appears and then Firefox crashes.
What version of Java do you have installed? What does http://www.mozilla.com/en-US/plugincheck/ say about whether it is up to date? Are your other pluigns such as Flash up to date as well?
Attached file Plugin Check (obsolete) — 
My Java version is 6.0.200
sorry, but it is too much of a risk to open a pdf just to get the plugin version numbers.
sorry...
Attachment #451268 - Attachment is obsolete: true
You need to update Quicktime and Flash. The plugin check report is incorrect in stating that your Flash is up to date.
Attached file Plugin check updated 

    
    

    
  
I can trust to navigate this site with no fear?..

    
    

    
  
Not yet. Still investigating.

    
  
Blocks: malware-attacks
Group: core-security

    
    

    
  
You also need to get rid of Adobe Acrobat. you don't appear to be using the latest version ("9.3.2": they finally added the version string to the description so people can tell), but even that version is currently being exploited in the wild with no patch available yet (maybe in another week there will be an update).

If you can't live w/out Acrobat and can't use another PDF reader for a week then follow Adobe's advisory and delete the authplay.dll
http://www.adobe.com/support/security/advisories/apsa10-01.html

    
    

    
  
Reporter, any updates with latest plugins and Firefox version?

    
    

    
  
Closing bug as Incomplete - if you are still experiencing this issue or have more information to provide feel free to post back here and we can re-open the bug. You can also get assistance by visiting the Firefox help site -> http://support.mozilla.com/en-US/kb/Ask+a+question
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE

    
  
Resolution: INCOMPLETE → FIXED

    
    

    
  
a resolution of fixed is reserved for changes in Firefox's code which result in a fix. I assume you meant that your issue was fixed. reverting to incomplete.
Resolution: FIXED → INCOMPLETE

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: