Closed Bug 665278 Opened 9 years ago Closed 9 years ago

Security exploit? Website installing viruses

Categories

(Firefox :: Security, defect)

Other
Windows 7
defect
Not set

Tracking

()

VERIFIED WORKSFORME

People

(Reporter: hardi_h, Unassigned)

References

(Blocks 1 open bug, )

Details

User-Agent:       Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Build Identifier: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

Try browsing wallpapers on hugewallpaper.com
Ocassionally some .exe is downloaded into your temp folder and is automatically run, closing the browser and when you open it you can't visit any websites.
There are other websites that do similar thing, but this time I really experimented with it just to report the problem.

Reproducible: Sometimes

Steps to Reproduce:
1. Just click around the website http://www.hugewallpaper.com
2.
3.

Actual Results:  
An .exe is downloaded and automatically run. They are viruses such as Win 7 antivirus, some antimalware, etc (can't remember exact names)

Expected Results:  
Block .exe from being downloaded and run automatically I suppose?

Thank you :)
Did you repport the website as being malicious ?

Do you have a direct url where an exe *will* be downloaded ?
I don't know if it's from the website itself or from one of their ads or somewhere else. I'm not an expert. All I know is if you browse around that website you will eventually get a virus, and it is definitely reproduceable (tested it 3 times). I think the guys at Mozilla should be able to figure out where it's from easily.
What plugins do you have and what versions? Please go to https://www.mozilla.com/en-US/plugincheck/ and tell us what it says.
I've got an outdated Java version, version 6.20, the latest is 6.26.
The rest were unknown or up to date.
So you can't reproduce the problem I mentioned?
It could have been the outdated Java, I updated it and tried browsing around again and I haven't got any viruses so far.
No, I couldn't reproduce. Could also be that the site (or its ad network) found and purged the problem.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.