Closed Bug 688116 Opened 14 years ago Closed 14 years ago

malware site can remotely execute code

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Version:
6 Branch
Platform:
x86
Windows Vista
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED WORKSFORME

People

(Reporter: alan.cocox, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 6.0; rv:6.0.2) Gecko/20100101 Firefox/6.0.2 Build ID: 20110902133214 Steps to reproduce: Logged on to http://financeuser-infostore.com/ Actual results: It tried to execute malicious code - intercepted by my AV. I did not click on anything or download anything. Expected results: Nothing.
Contains an iframe hosted at http://wxxhytjujqrtjklttff.cx.cc/main.php?page=6c9ce277482cac0d that uses a Java applet. Saving the file activates Security Essentials that flags this as Exploit:Win32/CVE-2010-1885.A See http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AWin32%2FCVE-2010-1885.A Alan, please make sure your Windows is up to date with security patches then visit https://www.mozilla.org/en-US/plugincheck/ to check your plugins and update any that are out of date, especially Java.
Blocks: malware-attacks
Malicious page is now gone, looks like a known Java exploit.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.