Closed Bug 731552 Opened 13 years ago Closed 13 years ago

your browser allows executables to download and install themselves and run rampant.

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
10 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: inquisitor_general, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2 Build ID: 20120215223356 Steps to reproduce: searched for brittany spears images on google images, opened one, not the full web page behind the image. Actual results: with NOTHING being clicked on, internet security 2012 trojan downloaded, then ran, and downloaded and installed the real **** program, which crippled all control keys, ie taskmanager etc etc and deleted most of my start programs list before Expected results: firefox hijacking - 1,180,000 results, (dickheads. why don't you FIX this? firefox trojan 14,100,000 results (dickheads. why don't you FIX this? you're not virgins. you know this stuff is starting to happen more and more. what the hell is wrong with you? why have you NEVER taken action? i've been done over 3 times in 24 hours. the latest thing a browser hijack from hell. please get your act together.
your browser allows executables to download and install themselves.!! this is SERIOUS. you need to hire some NORMAL programmers ASAP. and sack every single person you have now. please put me in charge. i'll get the job done. firefox, it's time to talk seriously about the quality of your work. time you ADMITTED there is a problem here, as this keeps happening over and over and over and over again. this happened to me last year. i've been done over 3 times in 24 hours. the latest thing a browser hijack from hell. your browser allows executables to download and install themselves. anybody can do this. it's so easy. you've heard of google haven't you.
Severity: normal → critical
Priority: -- → P3
Thanks for the submission. If you give us more details, we will be able to work on this bug: 1/ could you point us to the specific Britney Spears image(s)/page(s) that you suspect caused the issue? 2/ when you write that the trojan downloaded and installed, can you detail exactly what you saw? Did a new window open? Did an installer start? Was there anything visible? Did you have to click on anything? Note that many websites contain images or videos designed to look like installers but that actually do nothing and only serve to entice the user into clicking on a link and/or buying a security package. Also, a few remarks: - thanks for your statistics on hijacking & trojans, according to them, it seems that we actually doing much better than Chrome, Internet Explorer or Opera; - the tone you employ in your messages is not appropriate for a bug report - please follow the suggestions on https://bugzilla.mozilla.org/page.cgi?id=etiquette.html .
the data you requested re britney spears - the tone you employ in your messages is not appropriate for a bug report - you are right, and i do apologise for the tone. i agree my tone needed correction. i was of course upset at the time. (ie a whole day and night spent recovering what i can. all my mail is dead. gone. Firefox's fault. all my 100 programs in start up are missing. Firefox's fault. it took HOURS to clean out the computer Firefox's fault. and as soon as it was all clean as a whistle, ship shape, etc i then got a browser hijack from hell. almost immediately. result? browser TOTALLY un-usable. crippled beyond use. so I GAVE UP. i DELETED FIREFOX from my task bar to make SURE I NEVER RUN IT AGAIN on my base computer. i now run your broken, crippled, time wasting terd in Sandboxie, and Sandboxie on a virtual machine (VMWare XP in unity mode) because i'm sick of the time wasted fixing this stupid thing over and over. i'm a retired IT boy. but what the hell do normal people do? cry? ) anywho, so i do apologise for the previous tone, but am hoping you'll forgive the underlying emotions that gave rise to such. as you can tell, i'm still excited by the experience. all wound up over your lack of security that has gone on for YEARS unfixed. see, the same thing happened to me last year, though not so bad. many minor hijackings in between. i just assumed you patch up all the holes all the time. though i'm astounded that **** children still defeat you, bring your product to it's knees; render your product un-usable; delete a whole computer; turn your product into every computer owners worst nightmare so easily.; did you know it never occurred to me until right now the number of programs i run just to support FIREFOX?? i run Regrunner System Explorer Spybot Super-AntiSpyware Netlimiter and ALL of them in real time protection mode, just for FIREFOX. the number steadily growing over the years. All in real time, and none of them worked this time. (HEAPS of others of course to clean up firefoxes droppings not in real time) and still, even with all these condoms on, I finally GAVE UP. I DELETED FIREFOX from my task bar to make SURE I NEVER RUN IT AGAIN on my base computer. i now run your broken, crippled, time wasting terd in Sandboxie, and Sandboxie on a virtual machine (VMWare XP in unity mode) because i'm sick of the time wasted fixing the damage this stupid thing causes to my computer over and over. (he could have died totally yesterday. if i wasn't so quick to recycle into safe mode.) 1/ could you point us to the specific Britney Spears image(s)/page(s) that you suspect caused the issue? hmmm. i was occupied at the time, by urgent and important business, so the britney spears images are all sort of ... blurry. i suggest you get your IT minions to follow my path. just start opening them. somebody should find something. if not, do the same for warez, hacks, cracks etc etc. you know this. get your boys to look for trouble. either that, or line up guys who seem able to find trouble on a regular basis. firefox log tool'd be nice. 2/ a) when you write that the trojan downloaded and installed, b) can you detail exactly what you saw? c) Did a new window open? d) Did an installer start? e) Was there anything visible? f) Did you have to click on anything? g) Note that many websites contain images or videos designed to look like installers but that actually do nothing and only serve to entice the user into clicking on a link and/or buying a security package. a) only firefox was open, on google image search. i cleaned up the pieces manually, it came in via the plain vanilla "html doc inside an .exe'cutable in the firefox temp folder" method, which then downloads the real BASTARD malicious program somehow as already running. b) absolutely nothing to see. c) no d) absolutely not. e) absolutely nothing. f) absolutely not. the only page open was the google image search tab, i'd right click on an image to open another tab without leaving google image search page. it was one of those three unopened tabs, unlooked at pages that downloaded all this trouble. g) IT boy. retired young. noted. (dot com crash victim :o( and now to reply to the final part of your email; regardings statistics and the understandable defence of your baby. please go to this page; http://www.sandboxie.com/ n i'll read this to you; " Tired of dealing with rogue software, spyware and malware? Spent too many hours removing unsolicited software? " YES! damn it, YES! now please look down the bottom of this page. 21 of the largest web sites in the world have their stamp of approval on here. and i suggest Firefox is the reason they turned up here in the first place. Firefox - problem ownership versus irresponsibility your browser allows executables to download and install themselves and run rampant. i keep getting made love to against my will by Firefox, every year, same thing happens. in the past one day, in the past 24 hours, i've been done over three times. and it's YOUR FAULT. so. here we are. talking to each other. Solutions, Everybody likes to think they ARE important. They ARE smart. etc etc etc etc. nope. ain't so. admitting that you are utterly outclassed is the first step towards redemption. towards fixing the problem once and for ever. millions of IT boys out there, and some of them are Smart with a Capital S. beat you senseless. the difference between idiocy (70 IQ) and normal (100 IQ) is 2 standard deviations. you Firefox programming guys are around 120. these rare peeps are SMART, as smarter than you as you are smarter than an idiot who can't tie his own shoelaces (have a think about that, because this is the MAIN theme i want to talk to you about) and if you play logic with them, (chess, programming, whatever) they run RINGS around you. they'll beat you black and blue without hardly even noticing. with out even trying. and this is what is happening to you guys. over and over. every year it seems to me. every new version you release same story. the problem is that one of these uber SMART little **** takes 5 minutes to OWN your **** utterly. to be deleting stuff on a firefox computer at will. so i suggest you go ape **** all the way, straight off the bat. and do it ONCE. do it properly, and be forever safe. ASK for HELP. mail some universities asking for students to be given the task of paradigm change aimed at defeating the uber smart ****, once and for all. see? then you guys can get back to business colouring in. joining the dots, once an UBER smart computer guy has TOLD you what to do, to permanently avoid be **** over, over and over, and over again. ps http://www.dslreports.com/forum/r22677694-Trojan-checks-for-SandBoxIE-presence Trojan checks for SandBoxIE presence? Damn, I knew there are trojans/rootkits checking if they're being started up inside a VM. Now it seems they can check if they're being run inside a sandbox too? I downloaded an executable from Usenet called "inositol and anxiety disorder[Compressed].exe". Straightaway i knew it had to be malware, if it's an ebook why package it inside an exe? Ran it from SandboxIE and VMWare-> nothing happened. Run with sandbox/vm apps closed -> trojan comes alive. your boys will have to ride bareback (so that's me out)
(In reply to bob the builder from comment #3) > a) only firefox was open, on google image search. i cleaned up the pieces > manually, it came in via the plain vanilla "html doc inside an .exe'cutable > in the firefox temp folder" method, which then downloads the real BASTARD > malicious program somehow as already running. > > b) absolutely nothing to see. > > c) no > > d) absolutely not. > > e) absolutely nothing. > > f) absolutely not. the only page open was the google image search tab, i'd > right click on an image to open another tab without leaving google image > search page. it was one of those three unopened tabs, unlooked at pages that > downloaded all this trouble. Did you by any chance keep the file you mention in a)?
Which Plugin are installed and in which version? This is usually an old plugin with known security holes that you forget to update.
Severity: critical → normal
Priority: P3 → --
Did you by any chance keep the file you mention in a)? nope. (i've had to clean up firefoxes infections many times in the past, sometimes manually, but always with an automated tool if possible. i've never bothered keeping the attack files. it's just too common an occurrence and life is too short) you should advertise. post a REWARD; WANTED - dead or alive for a sample and there were two different attack files in %TEMP% and %USERPROFILE% the first was the real bastard deleter, the second was "internet security 2012" and started after i rebooted once i had cleaned everything up firefox log tool'd be nice. that is, if you are interested in fixing the persistent trojans, hijackings etc etc step one really.
"Which Plugin are installed and in which version?" adblock plus all in one side bar " This is usually an old plugin with known security holes that you forget to update." you have EXACTLY the wrong attitude for getting things built. guys who CAN build stuff, talk about building stuff. guys who are out of their depth buck pass, deny responsibility, prevaricate, etc etc. anybody can stand in front of me and offer excuses. i'd be moving you somewhere where you would be more comfortable. hire on experience, fire on attitude. just be aware that if i was your boss, you have just bluntly and plainly told me of your lack of skills with your attitude. not trying to dis you, just mentioning while passing through here that a task/goal oriented boss thinks like this. your attitude is EXACTLY wrong. 180 degrees from where your attitude should be. did you know that some people RELISH challenges? LOVE building stuff? not trying to dis you, just mentioning while passing through results boys versus prevarication boys.
as for down grading from critical to normal, you're insane. i suggest you hire an UBER smart financial computing guy who understands that people do their banking on YOUR browser. PAYPAL - on YOUR browser credit card purchasing - and love their computers. your lack of security has gone on for YEARS unfixed. the same thing happened to me last year, though not so bad. many minor hijackings in between. i'm astounded you still let **** children muck you round. bring your product to it's knees; make your product unusable; delete a whole computer; turn all your work into every computer owners worst nightmare. fellas; i'm not going to communicate any more. do what you like. be aware that you've created a great product that everybody likes, but there are HUGE persistent security flaws that can turn your lovely baby into an evil life sucking pain the ****. Firefox can turn into a nightmare. an absolute nightmare. how may programs are built just to clean up firefoxes messes? the largest software growth industry there is. so personally, i'd spend the time on this issue. i'd call this your NUMBER ONE issue. critical. as for down grading from critical to normal, i'd sack you so fast. (but i'm from financial computing and we take security UBER serious, we take the uber SMART IT guy threat real serious and take guaranteed steps to eliminate the threat absolutely. it CAN be done. and it just AIN'T that hard. so maybe it's just me) persistent, major security flaws that are NEVER fixed due to lack of vision and leadership is my assessment. not even a log tool? i'm not even going to communicate with you guys any more. do what you like.
Adblock+ is an extension. I want to know the installed plugins. Plugins are for example Flash, Java, Acrobat Reader...
Dear Bob/Malcolm, thank you for your comments. If I may, I would like to suggest a slightly different approach. As it is, the information you provide, while I hope it may eventually prove useful, is unfortunately drowned in the rest of your comments. This tends to complicate our work, as every second we spend sorting noise from information and/or laughing at your insults is one second that we do not spend converging towards a solution. So, in the spirit of efficiency, I will ask you to please keep focused on the point. Now. (In reply to bob the builder from comment #6) > and there were two different attack files > > in > %TEMP% > and > %USERPROFILE% > > > the first was the real bastard deleter, the second was "internet security > 2012" and started after i rebooted once i had cleaned everything up Do I understand correctly that both executables were executed, without any intervention from you, besides rebooting? That "the real bastard deleter" was executed before rebooting and the other one after? Also, succeeding at forcing Google Images to deliver to Firefox an executable to launch after a reboot, without any user intervention, would mean very grave security hole in all of - Google Images; - Firefox; - Windows; - RegRunner; - the rest of your anti-malware stack. While Firefox can be part of the problem, the problem you encountered can have a number of explanations that do not involve Firefox or Google Images. I need to know how you have reached the conclusion that Firefox is the culprit. Finally, as Matti mentioned, we need the list of _plugins_ (not just _addons_) installed on your firefox. Plug-ins are complete applications, with their own security holes, and experience shows that the vast majority of net-related issues are due to bad plugins, sometimes even bad security plugins. > firefox log tool'd be nice. that is, if you are interested in fixing the > persistent trojans, hijackings etc etc If you do not value your privacy, and if you have not deleted it, you can send us your browsing history. This might help us track down the problem, reproduce it and fix it.
Severity: normal → critical
Priority: -- → P3
Severity: critical → normal
Priority: P3 → --
a) Do I understand correctly that both executables were executed, without any intervention from you, besides rebooting? b) That "the real bastard deleter" was executed before rebooting and the other one after? c) Also, succeeding at forcing Google Images to deliver to Firefox an executable to launch after a reboot, without any user intervention, d) would mean very grave security hole in all of - Google Images; - Firefox; - Windows; - RegRunner; - the rest of your anti-malware stack. a) absolutely. and why i'm here. we appear to hang out in real different parts of the net. you guys all live in pleasant-ville by the sound of it. goto barry manilow web sites etc, and by your tone, you've never been molested in your lives, while me and everybody else get mugged every second day. b) yes. i can't believe you're all little virgins. everybody else on the net is downloading realtime blocks, filters, script blockers left right and center and you guys NEVER get done over? c) incorrect. Google images DID NOT do that. it was a page that was loading in an un-opened tab that did exactly that. d) are you taking the ****? are you being obtuse? funny? pulling my leg? every IT guy knows you go to the wrong web site and they OWN your computer utterly. bootstrapping trojans etc. that simple. do a google search for a simple recipe, and try it yourself. - RegRunner? it's as DUMB a program as ever written, (i was clutching at straws at the time). e) Finally, as Matti mentioned, we need the list of _plugins_ (not just _addons_) installed on your firefox. Plug-ins are complete applications, with their own security holes, and experience shows that the vast majority of net-related issues are due to bad plugins, sometimes even bad security plugins. e) you're lucky. as i had recently updated, and it was a fresh, CLEAN install, (ie every component utterly deleted) so it was the latest 6.0.2 with NO additional plugins other than default. so you already have the list. f) While Firefox can be part of the problem, the problem you encountered can have a number of explanations that do not involve Firefox or Google Images. I need to know how you have reached the conclusion that Firefox is the culprit. f) far out. is the earth flat? we could argue for ages, but instead i'll say one more time; good luck with this, i am not going to communicate with you anymore but my best wishes, and good luck reigning in the obvious culprit. "If you do not value your privacy, and if you have not deleted it, you can send us your browsing history." don't care about privacy, but every single piece of firefox has been deleted, then reinstalled (and it still won't work properly; only shows one screen of google images??? who knows where you installed/splattered some of your goo, and i ain't gunna spend the time to get firefox to work)(as i'm running it now in a VM anyway (as HEAPS of IT boys are now doing!) David Rajchenbach Teller [:Yoric] you are right and i apologise. here's the thing, you guys deal with each other every day, and you have your own private culture. and it took me awhile to understand and then match your tone/expectations etc. i'm just having real trouble taking you guys seriously now. you never get mugged? etc see? while me n everybody else gets done over 3 time in 24 hours. bye fellas, and good luck.
Bob, let's remember that BMO is a technical bug reporting database for Mozilla Developers. It isn't for end-user support. As such, you will sometimes be asked for very specific information that is needed to make the bug report complete for a developer to work on. Plugins are not addons, but things like Flash, Java, quicktime, etc. Even uninstalling and reinstalling Firefox does not touch these. As you've said you don't wish to work on this bug further, I'll close as INCO, if you decide to give the information requested in a polite fashion, please reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.