Closed Bug 645085 Opened 15 years ago Closed 15 years ago

Malicious SMTP server at "hotmail.om" not blocked by Firefox 4

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: andres, Unassigned)

References

(
URL
)

Details

(Whiteboard: [bugday-20110401])

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0 Build Identifier: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0 When I accessed "hotmail.om" by mistake a malicious SMTP server started running on my computer, CPU usage went to 100% and Symantec Endpoint Protection started giving errors (unable to send mail to literally hundreds of ramdom addresses...). I closed Firefox 4 and everything when back to normal, reopened Firefox and the problem started again... Deleting "Private Data" didn't fix the problem, I'm still trying to fix it, I'll probably end up uninstalling Firefox 4 and deleting user profiles and other Firefox related preferences files/folders. It happened on my office PC running Windows XP SP3 x86, I have not tried to reproduce the problem on another computer. Reproducible: Didn't try
I fixed the problem by: 1) Logout my current user (power user) 2) Login with Administrator account 3) Deleting the contents of Windows "TEMP" folder under Windows user profile (whe the malicious file was stored by Firefox) Apparently Firefox allowed the "malicous" website (Hotmail.om; not verified... but almost certain because problem started as soon as I visited that page) to download a file to the "TEMP" folder and then started running it. Malicious file stopped running after quiting Firefox 4, and restarted running as soon as I restarted Firefox 4. The file was called "*.tmp" under Windows user's profile TEMP folder; I was unable to delete the file when logged with the affected Windows user (it said that the file was protected or in use and could not be deleted). Again, clearing Firefox cache/history (a.k.a. all Private Data) had no effect on the problem. I did not try to reproduce the problem again (Sorry but I don't have the time). Because of this I'm not sure if problem is exclusive to Firefox 4, Firefox 3 or any other browser. Neither did I tried to reproduce the problem on any other platform, or any other version of Windows.
A regular PC user (not very computer savvy) wouldn't know how to deal with this kind of problem.
Group: core-security
Agreed, this website should be blocked. Build identifier: Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0
Please use the Help > Report Web Forgery feature in Firefox. Any site reported using this tool will be blacklisted by Firefox.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
Whiteboard: [bugday-20110401]
Done, thanks for the advice!
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.