Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Firefox

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
taffy078 Firefox
Contributor 7th Apr, 2010 22:58
Ranking: 408
Posts: 1,340
User Since: 26th Feb, 2009
System Score: 100%
Location: UK
It seems only a couple of weeks ago that Mozilla fixed a problem by releasing 3.6.2.
Just now, Secunia picked up another vulnerability and I've just downloaded 3.6.3.

For what it's worth, according to my Ad-Watch Live (Adaware) the malicious file was identified as Firefox%20Setup%203.6.3[1].exe.
The process that accessed the file was Trojan.Win32.Generic!BT(19135788).

None of the info in the previous paragraph means anything to me but may be useful?
PS Is it possible that the "BT" at the end of the process name could mean British Telecom, my ISP provider?

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003

Maurice Joyce RE: Firefox
Handling Contributor 7th Apr, 2010 23:37
Score: 11771
Posts: 9,029
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Nothing to do with BT as an ISP.

Trojan.Win32.Generic!BT

Summary
Trojan.Win32.Generic!BT is a generic risk that covers a wide variety of unwanted and malicious applications that have been identified by VIPRE's signature-based, heuristic, or behavioral detections.

I suspect Lavasoft are saying the same thing?

I thought Firefox was now secure again?


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
taffy078 RE: Firefox
Contributor 8th Apr, 2010 00:10
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Hello Maurice. Yes - it came as a shock to me that this problem came to light so soon after Firefox was updated (& after claims Secunia had got its call wrong!).

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
taffy078 RE: Firefox
Contributor 8th Apr, 2010 00:13
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 8th Apr, 2010 00:14
just found this in the 'Advisories' section. Way above my head but it shows someone was on the ball!

http://secunia.com/advisories/39175/

PS I should have addedthat my initial post contained what Lavasoft's Ad-Watch message said.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
Maurice Joyce RE: Firefox
Handling Contributor 8th Apr, 2010 00:53
Score: 11771
Posts: 9,029
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Hello Taffy,
Given that U have posted this to an area normally used by Secunia Staff to report known vulnerabilities & members to report possible vulnerabilities I am not sure what U are trying to tell us.

One thing for certain it is nothing to do with BT as an ISP.

Are Lavasoft telling us:

1.If U do not update from V 3.6.2 to 3.6.3 the outcome could be importing this Trojan?

2.That Mozilla included the Trojan during the set up of V3.6.2 update? Not too sure they would be happy with that suggestion!

3.Should members be looking for the rogue file, is it a Lavasoft false positive or just duplicate information for Lavasoft users only?

4. Did it actually find the rogue file on your PC using V3.6.2?


U have not published what Lavasoft Support have said so it is a bit of a guessing game.








--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
taffy078 RE: Firefox
Contributor 8th Apr, 2010 08:36
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Good morning, Maurice.

(1) "Given that U have posted this to an area normally used by Secunia Staff to report known vulnerabilities & members to report possible vulnerabilities".

I wasn't aware that 'Vulnerabilities" was used for this - I'm rather new to all this!
SECUNIA - can you move this to another forum, please?

(2) What I was trying to do was to report that last night two things happened more or less at the same time:
(a) Secunia flashed up an alert about Firefox - this surprised me given it is so soon after the recent major spat / release of a fixed version.
And
(b) Lavasoft's AdWatch Live also picked up the problem, and flashed up an explanation, the one I posted in my initial post.

(3) Secunia are saying there is a threat in v 3.6.2 and so users should update to v 3.6.3. The Secunia experts will have have to advise whether Mozilla either included the trojan during the set-upof the v 3.6.2 or left a vulnerability that someone has used to get the trojan in. Perhaps that's what the Advisories item means - it's way over my head! ;0).

(4) Regarding your 3.Should members be looking for the rogue file, is it a Lavasoft false positive or just duplicate information for Lavasoft users only?

4. Did it actually find the rogue file on your PC using V3.6.2?

I must leave that to the Secunia experts to advise. I'll look at the Lavasoft site later to see if that points to anything. But as Secunia PSI picked it up doesn't it mean that the problem is with Mozilla, not Lavasoft, that Lavasoft was merely doing what Secunia did - spotting a big problem?


--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
taffy078 RE: Firefox
Contributor 8th Apr, 2010 08:43
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
I've found this from Mozilla, Maurice:

http://www.mozilla.org/security/announce/2010/mfsa...

Does this explain it?

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
This user no longer exists RE: Firefox
Member 8th Apr, 2010 09:24
on 8th Apr, 2010 08:36, taffy078 wrote:

I wasn't aware that 'Vulnerabilities" was used for this - I'm rather new to all this!
SECUNIA - can you move this to another forum, please?


It's not ;)
Thread moved.
Was this reply relevant?
+0
-0
taffy078 RE: Firefox
Contributor 8th Apr, 2010 10:26
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 8th Apr, 2010 10:27
Thank you Emil! That was quick. I hereby promise not to wander into here again!!

I hope the rest of what I posted was correct viz that it seems to be an issue with Firefox, not Lavasoft.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer