Closed Bug 656256 Opened 13 years ago Closed 13 years ago

Virus installed via Google Image Search while using Firefox 4.0.1

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: brandonavet, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Build Identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

A virus was installed on my computer while browsing images with Google Image Search.

This is the first virus infection I've had in five years.
This infection occurred within 4 hours of upgrading to Firefox 4.0.1 (from Firefox 3).

Reproducible: Always

Steps to Reproduce:
1. Go to the following URL and the virus installation attempt should be triggered:
http://www.google.com/imgres?imgurl=http://bogarin.blogsome.com/images/nevada2_01.jpeg&imgrefurl=http://www.imprezypodroznicze.pl/wer/natsumi%2520tsuji%2520nevada%2520tan-26446.html&usg=__OELuzsW8EicyTrJXFp7r2OsMr8E=&h=170&w=200&sz=10&hl=en&start=10&zoom=1&tbnid=0VubG1o-X2tOFM:&tbnh=88&tbnw=104&ei=lm_KTb3pBa7QiALJn_SkBg&prev=/search%3Fq%3Dnevada%2Btan%26hl%3Den%26biw%3D1024%26bih%3D614%26gbv%3D2%26tbm%3Disch&itbs=1

If that doesn't work:
1. Go to this URL:
http://www.google.com/search?tbm=isch&hl=en&source=hp&biw=1024&bih=614&q=nevada+tan&gbv=2&aq=f&aqi=&aql=&oq=
2. Begin clicking on each of the images and continue doing so until the virus installation is triggered.

Actual Results:  
A very malicious virus was installed on my computer.

Expected Results:  
Firefox should not have allowed this virus installation.
There appears to be a security hole in Firefox 4 that allowed for this.

I'm using Windows XP Professional SP3

The virus installs and begins its malicious activity almost immediately after clicking to view the image.
Avira Antivirus was able to detect and block some of the virus' activity.
However, the virus was still able to render the computer virtually useless and a system restore was required.
What plugins do you have installed (and versions)? You can find this information by going to https://www.mozilla.com/en-US/plugincheck/
Blocks: malware-attacks
Google image search has become notorious for linking to malware sites recently. The ones we've seen have all used exploit packs that focus on plugin vulnerabilities. hard to say what was actually used when you hit the search because the results change constantly.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.