Security flaw report

Name:    Paul Mc Kenna
Email:   pmckennaatfastmaildotus
Product: Firefox
Summary: Security flaw report

Comments: 
I didn't know where else to send this......

While attempting to connect to this site

http://classic-media-player.citywebonline.com/11-installing-media-player-window.html

I was quietly redirect to this site

http://themymoviessite.com/movie/black/0/21/541/20/

A very convincing dialogue comes up saying that an activeX plugin is
missing and the user needs to click "continue" to download the missing
file. I did not click anything and was simply viewing the site
(marveling at how convincing it was) when I got a popup from my AV
software saying that it had detected an infection.

Trojan horse Downloader.Zlob	C:\Documents and Settings\Paul\Local
Settings\ApplicationData\Mozilla\Firefox\Profiles\u70w4rb1.default\Cache\4796EF87d01
11/18/2007 22:11	4796EF87d01	109.64 KB

To be clear I had done nothing other than view the page so apparently
the site was taking advantage of a flaw in Firefox!!

Just thought you might want to know

Paul Mc Kenna



Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
0
Paul
11/19/2007 6:27:34 AM
mozilla.feedback.firefox 118464 articles. 8 followers. Post Follow

1 Replies
661 Views

Similar Articles

[PageSpeed] 11
Get it on Google Play
Get it on Apple App Store

On Nov 19, 6:27 am, Paul Mc Kenna <hendrix-no-replyatmozilladotorg>
wrote:
> Name:    Paul Mc Kenna
> Email:   pmckennaatfastmaildotus
> Product: Firefox
> Summary: Security flaw report
>
> Comments:
> I didn't know where else to send this......
>
> While attempting to connect to this site
>
> http://classic-media-player.citywebonline.com/11-installing-media-pla...
>
> I was quietly redirect to this site
>
> http://themymoviessite.com/movie/black/0/21/541/20/
>
> A very convincing dialogue comes up saying that an activeX plugin is
> missing and the user needs to click "continue" to download the missing
> file. I did not click anything and was simply viewing the site
> (marveling at how convincing it was) when I got a popup from my AV
> software saying that it had detected an infection.
>
> Trojan horse Downloader.Zlob    C:\Documents and Settings\Paul\Local
> Settings\ApplicationData\Mozilla\Firefox\Profiles\u70w4rb1.default\Cache\4796EF87d01
> 11/18/2007 22:11        4796EF87d01     109.64 KB
>
> To be clear I had done nothing other than view the page so apparently
> the site was taking advantage of a flaw in Firefox!!
>
> Just thought you might want to know

  I too had this. I was trying to play a music sample on one of the
(legal) .MP3 sites when
I was redirected to this site exactly as Paul describes above. That
was yesterday evening..

This morning AVG advised that I had this Zlob trojan, and cleaned it
from the system.
I've put the two sites above in my HOSTS file.

[XP Home, SP2. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:
1.8.1.9) Gecko/20071025 Firefox/2.0.0.9

Regards

--

Jim.

0
jockmcsporran
12/1/2007 10:55:29 AM
Reply:

Similar Artilces:

Security Flaw in Firefox
Name: Product: Firefox Summary: Security Flaw in Firefox Comments: Just read this: http://www.foxnews.com/scitech/2010/12/05/visited-porn-web-browser-flaw-secretly-bares/ I am not using Firefox until this security breech is fixed. I work in medicine and I do not wish my history to be collected by uncouth sites or persons. Fix this fast. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if ...

Firefox: When is a flaw not a flaw?
Published: January 7, 2005, 11:30 AM PST By Staff ZDNet UK Firefox: When is a flaw not a flaw? http://news.com.com/2100-1002_3-5517201.html *********************************************************** Quote *********************************************************** The news that the Firefox browser contains a flaw that could help cybercriminals to carry out phishing attacks stirred up plenty of reaction and discussion among readers. Security firm F-Secure warned on Wednesday that the vulnerability, which allows the URL in a Firefox download dialog box to be spoofed, coul...

Firefox 2.0.0.14 After security update Firefox report on every site it can't connect but IE7 can
Name: Ruud Email: ruuddotreinoldatbtinternetdotcom Product: Firefox Summary: Firefox 2.0.0.14 After security update Firefox report on every site it can't connect but IE7 can Comments: I installed the by Frefox 2.0.0.14 suggested security update. Since the restart it does not allow me to go to any webpage. No proxy settings, plain network connection. Can connect to intrnal and external sources throug Explorer and IE7. Started firefox in safe mode, but the same problem is there, so it does not seem to be related to any plugins The message Firefox displays is: ...

security flaw in firefox 3
Name: mike rice Email: mikenmt073atgmaildotcom Product: Firefox Summary: security flaw in firefox 3 Comments: i recieved a phishing email from someone posing as paypal. the link provided in the email: https://www.paypal.com/cgi-bin/webscr?cmd=_login-run took to me a phishing site and firefox 3's security didnt say a thing. all that saved me was i noticed the URL wasnt paypal's at all. i have downgraded back to firefox 2 until some security flaws are worked out. fire fox 2 allows me to use my norton phishing protection toolbar which caught the scam immediately and w...

Firefox security flaw fixed
Shows "fake" Web sites. http://www.crn.com/nl/crndirect/showArticle.jhtml?articleId=60404996 -- Virg Wall ...

Password Security for Firefox (Can future version of Firefox pass all 21 security tests?)
Name: HY Tan Email: elfelleatgmaildotcom Product: Shiretoko Summary: Password Security for Firefox (Can future version of Firefox pass all 21 security tests?) Comments: http://news.softpedia.com/news/IE7-vs-Chrome-1-0-vs-Opera-9-62-vs-Firefox-3-0-4-vs-Safari-3-2-vs-Password-Security-100103.shtml Above link is not based on 3.1b2 results but hope firefox can pass all security tests to make it the leading secure browser. Speed is one area but Security is another key area where it will attract more people to switch to most secure browsers with the less loopholes :) Browser De...

Security Flaw-- Firefox tried to install virus
Name: David Wanat Email: wanat-d_at_sbcglobal.net Product: Firefox Summary: Security Flaw-- Firefox tried to install virus Comments: Tonight, when browsing the web, Firefox attempted to install a virus: JAVA_BYTEVER.R onto my computer. There was no request to install anything. The site said it wanted to install a toolbar and I clicked no, but Firefox tried to install it anyway. The site in question was: http://www.musicsonglyrics.com/T/twistedsisterlyrics/twistedsisterburninhelllyrics.htm Here is what the Java console had: load: class javainstaller.InstallerApplet.clas...

Report: implementation flaws hound wireless security
Wireless technology may be on its way to becoming ubiquitous in developed countries, but there's a tremendous difference between having a WiFi connection on every corner and having a (reasonably) secure WiFi connection on every corner. All of the modern wireless standards have their own security implementations, but the degree to which these standards are active and available can vary widely from hotspot to hotspot. If a recent report from Codenomicon is correct, simply activating the appropriate security protocols isn't nearly enough-the company has produced a report (PD...

Serious Security Flaw in Internet Explorer Reported
August 12, 2002 Microsoft Explorer May Have Flaw By THE ASSOCIATED PRESS Filed at 6:58 p.m. ET SEATTLE (AP) -- Microsoft is investigating claims that its popular Internet Explorer software has a loophole that lets attackers pose as legitimate Web site operators, potentially giving them access to computer users' names, passwords and credit card numbers. Although Microsoft said it's too soon to judge the severity of the problem -- and even whether the flaw exists -- some programmers and consultants said it could threaten the security of everything from online banking to ...

Security flaw reported in IE; M$ investigating???
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20020605/ap_wo_en_bu/us_microsoft_security_flaw_1 Security flaw reported in Internet Explorer; Microsoft investigating Time: 09:19 EST/14:19 GMT | News Source: Associated Press | Posted By: Byron Hinson A security flaw in Microsoft's Internet Explorer browser could allow a hacker to take control of a remote computer if its user clicks a link to an outdated Internet protocol, a computer security firm says. Oy Online Solutions Ltd. of Finland said it notified Microsoft Corp. of the security hole on May 20 but the software ...

Security flaw in Firefox 3.0.10
Name: Nick 'nVr' Email: nvr4datramblerdotru Product: Firefox Summary: Security flaw in Firefox 3.0.10 Comments: I tried to open website http://exanthematicus.narod.ru/, then first link ("Soderzhanie") at the top of that site. Antivirus software immediately reported that two trojans are already in my %WINDIR%\SYSTEM32 folder. Website is completely in Russian. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of...

NDS General Object Reports, Security Reports, Users and Groups Reports
--____WNUBBRTGWLGTREETXZYN____ Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Hi, What snapins do I need in ConsoleOne and where do I get them to = view/use the following objects: NDS General Object Reports NDS User Security Reports NDS Users and Groups Reports Thanks. --____WNUBBRTGWLGTREETXZYN____ Content-Type: multipart/related; boundary="____VUQESAZLRJFXXVSYDDUU____" --____VUQESAZLRJFXXVSYDDUU____ Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable <HTML><HE...

Response to report on security hole with Firefox 3.6
Name: Shawn Product: Firefox Summary: Response to report on security hole with Firefox 3.6 Comments: It would be preferable for Mozilla to officially respond to reports of a security hole. At least acknowledge you have heard the report and are looking into it. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

FireFox security flaw. Probably it also affects SM
Taken from the SANS org. @RISK Security Vulnerability Alert Vol 7 Num 2, 01/07/2008 (5) MODERATE: Mozilla Firefox Basic Authentication Spoofing Vulnerability Affected: Mozilla Firefox versions 2.0.0.11 and prior Description: "Basic Authentication" is an authentication mechanism defined by the Hypertext Transfer Protocol (HTTP) specification and supported by practically all web browsers. It allows web sites to authenticate users via a username and a password. Most web browsers, including Mozilla Firefox, display the prompt for the username and password in a separate wi...

Web resources about - Security flaw report - mozilla.feedback.firefox

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Security (finance) - Wikipedia, the free encyclopedia
equity securities, e.g., common stocks ; and, The company or other entity issuing the security is called the issuer . A country's regulatory ...

Cameron Pledges $18 Billion Army Upgrade Amid Security Focus
... equipment budget by 12 billion pounds ($18 billion), the latest in a range of government commitments to fight terrorism and other security threats ...

DEUTSCHE BANK: Killing passwords is the future of security
... smart tech that knows how you hold a phone. The Financial Times reports that the bank is looking at replacing passwords with biometric security ...

Amid global terror alert, U.S. beefs up travel security
As 47 million Americans get ready to travel for the holidays, State Dept. puts out a worldwide travel alert

Deutsche Bank test password-free security
The bank hopes the system will free customers from passwords and allow it to lift limits on mobile transactions, the FT reports.

Homeland Security Can’t Properly Test Its Only Biological Weapons Surveillance System
Homeland Security Can’t Properly Test Its Only Biological Weapons Surveillance System

Dell is the latest PC maker with a gaping security flaw
Lenovo and Samsung might not be the only big Windows PC makers pre-installing software that compromises your security. Computer buyers have discovered ...

Resources last updated: 11/24/2015 10:37:27 AM