crashes at kovodstvo.htm

RESOLVED WORKSFORME

Status

Product: Firefox
Component: General
Priority: --
Severity: critical
Status: RESOLVED WORKSFORME
Reported: 7 years ago
Modified: 3 years ago

People

Reporter: chris hofmann
Assignee: Unassigned

Tracking

Blocks: 1 bug
Version: 3.5 Branch
Hardware: x86
OS: Mac OS X
Keywords: crash
Points: ---

Firefox Tracking Flags

(Not tracked)

Details

Whiteboard: _SEH_prolog

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
Created attachment 470123 [details]
kovodstvo.htm for 2010 08 16

http://safeweb.norton.com/report/show?name=gtof.info mentions that drive-by downloads and possible attacks on users have been observed at http://gtof.info/kovodstvo.htm

Searching the crash database, I see a number of domains and URL paths serving files by the name kovodstvo.htm that result in Firefox/Flash/other plugin crashes.

This needs more research to figure out if this is a general kind of attack and if the contents of some or all of these kovodstvo.htm files are legitimate, but if they are not, we might consider wholesale Safe Browsing blocking as a defense.

I'll attach a file with a sample of crash count, signature, Firefox version, Flash version and domain://kovodstvo.htm where the files are being served.

We could also set automation to pound extra **** this set of URLs looking for reproducible crashes and evidence of exploit code being served.
(Reporter)

Updated

7 years ago
Blocks: 512788
Keywords: crash
(Reporter)

Updated

7 years ago
Whiteboard: _SEH_prolog

Comment 1

3 years ago
_SEH_prolog was the signature?
Severity: normal → critical
Flags: needinfo?(chofmann)
(Reporter)

Comment 2

3 years ago
(In reply to Wayne Mery (:wsmwk) from comment #1)
> _SEH_prolog was the signature?


Guessing yes, but http://gtof.info is no longer around, so this research reminder bug is probably not very useful.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Flags: needinfo?(chofmann)
Resolution: --- → WORKSFORME