Closed Bug 688116 Opened 9 years ago Closed 9 years ago

malware site can remotely execute code

Categories

(Firefox :: Security, defect)

6 Branch
x86
Windows Vista
defect
Not set

Tracking

VERIFIED WORKSFORME

People

(Reporter: alan.cocox, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 6.0; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Build ID: 20110902133214

Steps to reproduce:

Logged on to http://financeuser-infostore.com/


Actual results:

It tried to execute malicious code - intercepted by my AV. I did not click on anything or download anything.


Expected results:

Nothing.

Contains an iframe hosted at http://wxxhytjujqrtjklttff.cx.cc/main.php?page=6c9ce277482cac0d that uses a Java applet. Saving the file activates Security Essentials that flags this as Exploit:Win32/CVE-2010-1885.A

See http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AWin32%2FCVE-2010-1885.A

Alan, please make sure your Windows is up to date with security patches then visit https://www.mozilla.org/en-US/plugincheck/ to check your plugins and update any that are out of date, especially Java.

Malicious page is now gone, looks like a known Java exploit.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → VERIFIED