Closed Bug 572095 Opened 10 years ago Closed 9 years ago

Hidden link cause Mozilla crash (without any message) and arbitrary code execution is permitted (a variant of Win32/Kryptik.BNO trojan tried to install it self from http://alodh.in/v2/out/grab.exe, name of .exe file changes)

Categories

(Firefox :: Security, defect, critical)

x86
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: mrenato, Unassigned)

References

(Blocks 1 open bug, )

Details

Attachments

(2 files, 1 obsolete file)

1.38 KB, text/plain
Details
1.59 KB, text/plain
Details
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 ( .NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 ( .NET CLR 3.5.30729)

A java window appears for a couple of seconds and then Mozilla crashes. My AV Nod32 blocks the main file (see summary) but it can install and execute an .exe file in the C:\Documents and Settings\%CurrentUser%\Local Settings\Temp dir.

I got Mozilla Firefox 3.5.9.

Reproducible: Always

Steps to Reproduce:
1. Open the web site: http://www.motogp.com/en/

Actual Results:  
Loading the main page, when the flash starts a small Java orange window appears and then Firefox crashes.
What version of Java do you have installed? What does http://www.mozilla.com/en-US/plugincheck/ say about whether it is up to date? Are your other pluigns such as Flash up to date as well?
Attached file Plugin Check (obsolete) —
My Java version is 6.0.200
sorry, but it is too much of a risk to open a pdf just to get the plugin version numbers.
sorry...
Attachment #451268 - Attachment is obsolete: true
You need to update Quicktime and Flash. The plugin check report is incorrect in stating that your Flash is up to date.
Attached file Plugin check updated
I can trust to navigate this site with no fear?..
Not yet. Still investigating.
Group: core-security
You also need to get rid of Adobe Acrobat. you don't appear to be using the latest version ("9.3.2": they finally added the version string to the description so people can tell), but even that version is currently being exploited in the wild with no patch available yet (maybe in another week there will be an update).

If you can't live w/out Acrobat and can't use another PDF reader for a week then follow Adobe's advisory and delete the authplay.dll
http://www.adobe.com/support/security/advisories/apsa10-01.html
Reporter, any updates with latest plugins and Firefox version?
Closing bug as Incomplete - if you are still experiencing this issue or have more information to provide feel free to post back here and we can re-open the bug. You can also get assistance by visiting the Firefox help site -> http://support.mozilla.com/en-US/kb/Ask+a+question
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
Resolution: INCOMPLETE → FIXED
a resolution of fixed is reserved for changes in Firefox's code which result in a fix. I assume you meant that your issue was fixed. reverting to incomplete.
Resolution: FIXED → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.