WARNING: FireFox isn't bullet proof

[SHIPPOU]

I used firefox for some time now with no real problems, until I gotten a call this morning from my bank ....over $760 USD was missing from my bank acount....any way after straiting that out (putting a freeze on my bank card) i went in and did some hard looking for varniabilities on my system. I found Firefox was spoofed. What i had was called a crome spoof, it basically replaces FF with it's self, looks and acts like FF, but the malware controles the browser. A good way to tell if u have gotten it is when u visit an infected web page, your browser window does a wierd minumization that looks like this (i know i did the example with IE) Any way, I compleatly removed FF, and found the crome files were still there, so I manually deleated those. Did a full system scan (trend micro), and i found other interesting things in my 'puter ..... In short, do not put your blind faith in FF to keep nastys out. There are a lot of junk out there that targets FF now.

[Mercifull]

I have not heard of this before, please provide more details. I found no information on Mozilla or Google on the description you have made.

 

 

 

You arnt really making much sense right now and your screenshot doesnt give any insights

[Mercifull]

Ever considered that its a pebcak?

 

 

 

Any kind of Firefox modification had to be explicitly granted permission to run and install. You obviously clicked yes to install some kind of malware.

 

 

 

Your typo's arnt really helping either. You say it was a "crome spoof" and i presume you mean "Chrome spoof" but I found nothing like you describe on google for that either.

[SHIPPOU]

i minute later..I some how knew you would defend FF, and clame it is flawless...

Greyhats said an attacker can first use frames and a JavaScript history flaw to make it appear that a software installation is being triggered from add-ons.update.mozilla.org.

 

 

 

 

 

 

 

As the JavaScript is executed from the chrome, it has "full chrome privileges" and can "do anything that the user running Firefox can."

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

http://mozillazine.org/talkback.html?article=6582 <== more detales into the Chrome bugs.

 

 

 

[SHIPPOU]

i do not run Linex, but for those that do http://www.crime-research.org/news/22.09.2005/1508/

[Mercifull]

I'm not saying that it is invulnerable but simply that I have never heard of such an exploit before. The bugs that you have linked too are all fixed in the latest version of Firefox too

[SHIPPOU]

I'm not saying that it is invulnerable but simply that I have never heard of such an exploit before. The bugs that you have linked too are all fixed in the latest version of Firefox too

may be, but not every one has the latest version, and once you have the Chrome bug, you will not see the update symbol. I dug up domane name exploit found some time in early setpember. http://news.com.com/Hackers+work+to+exp ... &subj=news

[SHIPPOU]

here is a very detaled report on 7 recent exploits http://secunia.com/advisories/16911/

[Mercifull]

If you dont patch its your own fault. The vulnerability was discovered on a thursday and patched on a Friday. the chances of somone getting caught by it were incredibly slim unless they are careless with their security.

 

 

 

"At the time the flaw details were disclosed, there were no known exploits for the vulnerability"

 

 

 

I dont belive however that this is the exploit that got you. It certainly doesnt have any relation to the symptoms that you say you had.

 

 

 

It relates to a type of domain name for special characters. In order to get exploited by this you would have to 1. Be infected with this bug, 2. Get sent a phishing email requiring you to enter your info into a bogus site and, 3. Give the fraudsters your details.

 

 

 

 

 

 

 

edit: again in the link that you posted all exploits fixed in 1.0.7

[Augsback]

Nothing is bullet proof. :wink:

[Hannibal]

Blaming a program when you are the one falling for a scam AND not installing security updates is stupid at best.

 

 

 

 

 

 

 

And nobody said Firefox doesn't have any flaws - it has less flaws than Internet Explorer, and it's been quicker at fixing those flaws than the people at Microsoft have been in fixing IE. Of course, if you don't update...

[Bubsa]

Pretty serious stuff this and first and foremost I hope you're problems have ceased.

 

 

 

 

 

 

 

However, it's just like Windows Update. Don't keep that up to date and no firewall in the world is going to save you, the same for your browser.

[jal91]

Firefox never claimed to be "bullet proof", there is always some way around something. It is better than most browsers though.

[Ryan]

I used firefox for some time now with no real problems, until I gotten a call this morning from my bank ....over $760 USD was missing from my bank acount....any way after straiting that out (putting a freeze on my bank card) i went in and did some hard looking for varniabilities on my system. I found Firefox was spoofed. What i had was called a crome spoof, it basically replaces FF with it's self, looks and acts like FF, but the malware controles the browser. A good way to tell if u have gotten it is when u visit an infected web page, your browser window does a wierd minumization that looks like this (i know i did the example with IE) Any way, I compleatly removed FF, and found the crome files were still there, so I manually deleated those. Did a full system scan (trend micro), and i found other interesting things in my 'puter ..... In short, do not put your blind faith in FF to keep nastys out. There are a lot of junk out there that targets FF now.

 

 

 

 

 

 

 

What is "straiting" and "varniabilities" and "minumization"? I knew your spelling was always bad, but now you're just making up words.

 

 

 

 

 

 

 

Of course no one is going to assume FF is 100% safe. As it gains popularity there will be more attacks on it. IE is still the most popular so that's why it is constantly being exploited.

[runesmithie]

 

I used firefox for some time now with no real problems, until I gotten a call this morning from my bank ....over $760 USD was missing from my bank acount....any way after straiting that out (putting a freeze on my bank card) i went in and did some hard looking for varniabilities on my system. I found Firefox was spoofed. What i had was called a crome spoof, it basically replaces FF with it's self, looks and acts like FF, but the malware controles the browser. A good way to tell if u have gotten it is when u visit an infected web page, your browser window does a wierd minumization that looks like this (i know i did the example with IE) Any way, I compleatly removed FF, and found the crome files were still there, so I manually deleated those. Did a full system scan (trend micro), and i found other interesting things in my 'puter ..... In short, do not put your blind faith in FF to keep nastys out. There are a lot of junk out there that targets FF now.

 

 

 

 

 

 

 

What is "straiting" and "varniabilities" and "minumization"? I knew your spelling was always bad, but now you're just making up words.

 

 

 

 

 

 

 

Of course no one is going to assume FF is 100% safe. As it gains popularity there will be more attacks on it. IE is still the most popular so that's why it is constantly being exploited.

 

 

 

 

 

 

 

No need to embiggen yourself by putting down perfectly cromulent words :?

[Vape]

i went in and did some hard looking for varniabilities on my system. I found Firefox was spoofed.

How did you decide upon that? What exactly do you mean by that?

 

 

 

What i had was called a crome spoof, it basically replaces FF with it's self, looks and acts like FF, but the malware controles the browser.

A crome spoof eh? If it really is called that, then I'm sure google would return more than 0 results. Or perhaps you typoed and meant "Chrome spoof," but no... that only returns two useless results, with nothing at all related to browsers, security, or Firefox.

 

 

 

Any way, I compleatly removed FF, and found the crome files were still there, so I manually deleated those.

You mean the files in C:\Documents and Settings\%username\Application Data\Mozilla\Firefox\Profiles\8dgtrndm.profilename\chrome ? They're the files that control what your browser looks like, and where extensions and themes add bits to the user interface. Just because you have files called "chrome" doesn't mean you have a problem. They're left there on purpose after you uninstall so that people who are uninstalling and reinstalling don't lose their bookmarks, cookies, settings etc. What was it about these files that lead you to believe they were suspicious?

 

 

 

Did a full system scan (trend micro), and i found other interesting things in my 'puter

Perhaps you'd like to enlighten us as to the names of these other interesting things, maybe these are the source of your problem?

 

 

 

In short, do not put your blind faith in FF to keep nastys out.

Sound advice. Nobody should ever put blind faith in anything. Every computer should have a firewall, antivurs software, antispyware software and a secure web browser, such as Firefox.

 

 

 

There are a lot of junk out there that targets FF now.

That is rather incorrect. I personally have never seen ANY Firefox exploits in the wild, although I daresay there would be a few sites which might target older versions of Firefox. This hardly qualifies as "a lot" though. (Unless of course you want to be picky and say that's it's a comparitive statement, in which case it is meaningless since you didn't say what you were comparing it to.)

 

 

 

i minute later..I some how knew you would defend FF, and clame it is flawless...

Actually I don't see merc claiming Firefox is flawless it all. As for him defending it, what did you expect, everyone just to sit back and let you tell the world whatever you think? You're posting in a public forum, people are going to have different opinions than you. (NB: People tend to argue with you more often when you're wrong.)

 

 

 

 

 

 

 

So you're just scrambling wildly pointing out exploits in Firefox which have all been promptly fixed. If you were running the latest release of Firefox (1.0.7) then none of these exploits would have applied.

 

 

 

 

 

 

 

Most Ignored Poster in this Forum

I wonder why?

 

 

 

 

 

 

 

Oh and merc, lol :lol: I learnt a new acronym :D

[Mementh]

sorry to hear about it but it looks like your bank took care of it for you

 

 

 

 

 

 

 

 

 

 

 

make sure oyu got your rs password and tip.it password changed

 

 

 

 

 

 

 

 

 

 

 

also this BUG was fixed in 1.0.7 of firefox.. since the bug was out for less then a day its kinda silly not to have patched..

 

 

 

 

 

 

 

 

 

 

 

now you can ALWAYS go to the firefox site yourself to check on updates...

 

 

 

 

 

 

 

 

 

 

 

wait.. heading there now http://www.mozilla.org yep.. i gott he latest version..

 

 

 

 

 

 

 

 

 

 

 

ez as pie.. now you do it :)

 

 

 

 

 

 

 

 

 

 

 

i want to point something out here that steve gibson from http://www.twit.tv mentioned.. is that open source can win hands down only because you know as much as the enemy.. its not a knowlage its just is a who can figure it out better

 

 

 

 

 

 

 

knowing virus/malware writers know exactly what you do is better then you knowing dittily squat... if you know what they know then you know how to protect yourself.. or at least the program writers have a reason to protect you

[singblade]

This had me as scared as hell, until near the bottom of that news article I read that Mozilla will soon provide a "1.0.4" patch. Knowing I have the 1.0.7 version gave me a sigh of relief. For those too lazy to click links,

 

 

 

This exploit affects: Firefox 1.0.3, Mozilla Suite 1.7.7

 

 

 

Fixed in: Firefox 1.0.4, Mozilla Suite 1.7.8

 

 

 

Source of this info: http://www.mozilla.org/security/announc ... 05-42.html

[runesmithie]

On another note, I got an automatic update notifier today while using 1.5rc2 :o

 

 

 

 

 

 

 

Spiffy ;)

[Vape]

On another note, I got an automatic update notifier today while using 1.5rc2 :o

 

 

 

 

 

 

 

Spiffy ;)

It's RC3 :D

 

 

 

Note: It doesn't say anything in the application about being called "RC3" because if no bugs are found in it, it will be released as 1.5. Fixes included are a couple of crash bugs and some bugs on apple's OS/2.

 

 

 

 

 

 

 

Useragent is Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

[runesmithie]

 

On another note, I got an automatic update notifier today while using 1.5rc2 :o

 

 

 

 

 

 

 

Spiffy ;)

It's RC3 :D

 

 

 

Note: It doesn't say anything in the application about being called "RC3" because if no bugs are found in it, it will be released as 1.5. Fixes included are a couple of crash bugs and some bugs on apple's OS/2.

 

 

 

 

 

 

 

Useragent is Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

 

 

 

 

 

 

 

Useragent is Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4

[Vape]

 

 

On another note, I got an automatic update notifier today while using 1.5rc2 :o

 

 

 

Spiffy ;)

It's RC3 :D

 

 

 

Note: It doesn't say anything in the application about being called "RC3" because if no bugs are found in it, it will be released as 1.5. Fixes included are a couple of crash bugs and some bugs on apple's OS/2.

 

 

 

 

 

 

 

Useragent is Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

Useragent is Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4

That's Firefox 1.5 beta 1. Since then there have been at least one other beta release, and RC1 and RC2 and now RC3. I believe there may have been a bug in that beta with software update which has been causing you not to get updates. I suggest you download the latest release candidate from the Firefox project page. Hopefully, after you've downloaded that you'll never have to download a complete 5 meg Firefox ever again, as the new software update downloads patches containing only the parts of the browser which have been changed :)