Closed
Bug 704572
Opened 14 years ago
Closed 14 years ago
high win spy security hole, confirmed with firefox 8
Categories
(Firefox :: Security, defect)
RESOLVED
WORKSFORME
People
(Reporter: beingnikhild, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
Build ID: 20111104165243
Steps to reproduce:
I visited a site called 3xploits.com/2500.html
Actual results:
A win spy was downloaded into the Firefox cookie folder, bypassing all Firefox security, and Microsoft Security Essentials generated a security warning.
Expected results:
Firefox should protect me from such attacks, as Firefox is no. 1 at security levels; I don't expect such security from Firefox.
Comment 1•14 years ago
wgetting the page results in an MSE alert for VirTool:HTML/Akspy.A. It appears to be a control page for accessing various web installations, but I didn't see anything particularly malicious in the file itself. Loading the page in Firefox 8 on Windows XP did not alert MSE though.
Nikhil, when we view a page it ends up in the cache; is that what you meant rather than the cookie folder? Just because something appears in the cache does not mean you were infected.
Reporter
Comment 2•14 years ago
Ya, sorry, I mean the cache folder. I am using Windows 7 Ultimate 64-bit OS.
When I visited the page, MSE generated a security warning for VirTool:HTML/Akspy.A.
Ya, you're right, the file is not malicious, but what if it had something that may be used to gather and send usernames and passwords that are saved as "remember me"?
I expected not to download anything harmful from the web without my permission.
I know some sites store an offline cache and sometimes the whole web page for quick access and/or to save server bandwidth, but I don't want them to store something that may as a result be harmful for me. Anyway, thanks for the info and I hope you will look at this. Thanks again.
Comment 3•14 years ago
But we don't know if it's harmful before we download it. Sure, some percentage of bad sites get put on the malware list and blocked, but that list is generated by scanning sites so there will always be times when someone can download bad content before it's put on the list and the list is downloaded by people's browsers.
Anti-virus products will scan the cache files as they are being written (and sometimes on the network before Firefox even sees it), so those are additional layers of protection. And then there are "attacks" that are long patched and no worry to anyone that anti-virus products still warn about because they don't know whether you have an up-to-date browser or not. And of course anti-virus products do sometimes have false positives.
I don't see any evidence that Firefox did the wrong thing here, that is, no "bug" to fix.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME