Closed
Bug 574252
Opened 15 years ago
Closed 9 years ago
Virus Exploit
Categories
(Firefox :: Security, defect)
RESOLVED
INVALID
People
(Reporter: jkenn, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB7.1 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB7.1 (.NET CLR 3.5.30729)
When a user closes Firefox, the user gets prompted to click on a link to download a file, essentially compromising the system. It is a redirect exploit and I've reported it on Lockergnome: http://www.lockergnome.com/jfk/2010/06/23/computer-virus-alert-firefox-exploit-compromises-systems/
Reproducible: Always
Steps to Reproduce:
1. Go to: http://error-reports.com/view/id/4563/
2. Actual URL: http://rts.sparkstudios.com/r.poptracking?pcid=c085cf11-3d30-4139-b241-1bf0c9879eb5&eventid=3&aid=40045&offerid=5357&poolid=460&publisherid=340&siteid=209&country=US&qsurl=http%3a%2f%2ferror-reports.com%2fview%2fid%2f4563%2flpview.php&h=&firstdelivery=True
3. URL Name: r.poptracking
Actual Results:
You are at risk of auto downloading a file.
Expected Results:
You are prompted to download file.
The file was downloaded and submitted to Symantec online security team. Unsure of which website I visited before attack happened.
Comment 1•15 years ago
How do you know that Firefox downloaded and executed the file, or did you just get a prompt?
When I closed Firefox this script (page) ran forcibly for the first time: http://error-reports.com/view/id/4563/
This message pop-up ran making the user think Firefox crashed.
It is still active in version 3.6.4
A user may unknowingly execute the file.
I'm not sure which website or page I was on originally that precipitated the exploit. "You are at risk of auto downloading a file" as stated above.
http://www.mywot.com/en/scorecard/error-reports.com shows it's not particularly trustworthy.
If you want to report a problem, please use:
http://badwarebusters.org/community/submit
Yes -- Error Reports is a spoof link.
The real URL is: http://rts.sparkstudios.com/r.poptracking?pcid=c085cf11-3d30-4139-b241-1bf0c9879eb5&eventid=3&aid=40045&offerid=5357&poolid=460&publisherid=340&siteid=209&country=US&qsurl=http%3a%2f%2ferror-reports.com%2fview%2fid%2f4563%2flpview.php&h=&firstdelivery=True
Comment 5•15 years ago
I can't see why this should be a bug in Firefox.
Updated•14 years ago
Version: unspecified → 3.6 Branch
Updated•9 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID