Closed
Bug 591549
Opened 14 years ago
Closed 10 years ago
crashes at kovodstvo.htm
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: chofmann, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, Whiteboard: _SEH_prolog)
Attachments
(1 file)
|
85.80 KB,
text/plain
|
Details |
http://safeweb.norton.com/report/show?name=gtof.info mentions that drive-by downloads and possible attacks on users have been observed at http://gtof.info/kovodstvo.htm searching the crash database I see a number of domains and url paths serving files by the name kovodstvo.htm that result in firefox/flash/other plugin crashes this needs more research to figure out if this is a general kind of attack and if the contents of some or all of these kovodstvo.htm files are legitimate, but if they are not, we might consider wholesale safe browsing blocking as a defense. I'll attach a file with a sample of crash count, signature, firefox version, flash version and domain://kovodstvo.htm where the files are being served. we could also set automation to pound extra **** this set of url looking for reproducible crashes and evidence of exploit code being served.
|
Reporter | |
Updated•14 years ago
|
Blocks: malware-attacks
Keywords: crash
|
|
Reporter | |
Updated•14 years ago
|
Whiteboard: _SEH_prolog
|
||
Comment 1•10 years ago
|
||
_SEH_prolog was the signature?
Severity: normal → critical
Flags: needinfo?(chofmann)
|
|
Reporter | |
Comment 2•10 years ago
|
||
(In reply to Wayne Mery (:wsmwk) from comment #1) > _SEH_prolog was the signature? guessing yes. but http://gtof.info is no longer around so this research reminder bug is probably not very useful.
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(chofmann)
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•