Closed Bug 591549 Opened 10 years ago Closed 6 years ago

crashes at kovodstvo.htm

Categories

(Firefox :: General, defect, critical)

3.5 Branch
x86
macOS
defect
Not set
critical

RESOLVED WORKSFORME

People

(Reporter: chofmann, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, Whiteboard: _SEH_prolog)

Attachments

(1 file)

http://safeweb.norton.com/report/show?name=gtof.info mentions that drive-by downloads and possible attacks on users have been observed at http://gtof.info/kovodstvo.htm

Searching the crash database, I see a number of domains and URL paths serving files by the name kovodstvo.htm that result in Firefox/Flash/other plugin crashes.

This needs more research to figure out if this is a general kind of attack and if the contents of some or all of these kovodstvo.htm files are legitimate, but if they are not, we might consider wholesale safe browsing blocking as a defense.

I'll attach a file with a sample of crash count, signature, Firefox version, Flash version and domain://kovodstvo.htm where the files are being served.

We could also set automation to pound extra **** this set of URLs, looking for reproducible crashes and evidence of exploit code being served.
Keywords: crash
Whiteboard: _SEH_prolog
_SEH_prolog was the signature?
Severity: normal → critical
Flags: needinfo?(chofmann)
(In reply to Wayne Mery (:wsmwk) from comment #1)
> _SEH_prolog was the signature?


Guessing yes. But http://gtof.info is no longer around, so this research reminder bug is probably not very useful.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(chofmann)
Resolution: --- → WORKSFORME