New Firefox Attack

Learn about Computer Security General Security Questions and Comments
1

New Firefox based attack.

Meanwhile back in IE land, same ol’ same ol’. The never ending story.

http://www.theinquirer.net/inquirer/news/1588436/microsoft-ie-flaws

Just some news.

Bad

2

Thats why you need to have your browser sandboxed ;D No matter what the browser.

3

Hi Bad Frogger,

Thanks for the news (bad news :D)

Cheers!

Hi Kyle,

I am not sure that any SandBoxing may help here 88)

That is about accessing ports
You are using browser and “going out”
How SandBox can prevent from joining networks and flooding /spamming channels?

Cheers!

4

Mitigated by NoScript extension.

Or if you use Linux, via iptables as discussed in the following article.
=> http://encyclopediadramatica.com/Firefox_XPS_IRC_Attack

This is far different to Internet Explorer, where an exploit there leads to a system compromise!

5

Yup No-Script is one of the best, if not the best thing to use along with Firefox. Either way, I never use IRC anyway.

6

Hi aussiebear ,

Indeed…

As it was pointed in some discussions in this forum and in “other places” - all of the existing browsers have security holes that can be found and exploited
at the same time if you compare the the frequency; severity of those and time it takes to respond I cannot imagine how some users are considering IE being safe (I’ve even seen the the remark in the forum - “the safest browser” :o)

Hi AyeAyeCaptain,

As far as I got it you should not necessarily use IRC - you are joining… unwillingly, and after that you are not chatting per se …

Please correct me if I’m wrong

Cheers!

7

If I understand correctly, using the Comodo Firewall and configuring Firefox’s Network Security Policy as “web browser” prevents Firefox from access ports other than HTTP, FTP and DNS.

I also like NoScript

8

:-TU

But instead of NoScript i prefer


psexec.exe -l -d "C:\Program Files\Mozilla Firefox\firefox.exe"

to drop admin privileges of Ff on admin account in order to prevent more serious malicious scripts doing harm to the system (as Ff is trusted by Defense+ it will allow it to do anything in Safe mode).

9

You should specify, everyone does not know about it, that psexec is not a windows default executable but part of the sysinternal pstools.

I see no reason to use it in such a situation, as everyone should run everything under limited account.

And i don’t see either why Firefox should be globally trusted by defense+.

10

I’ve uploaded the attack code for the firefox attack( To comodo) a while ago. If your using Comodo’s anti-virus then your safe. If firefox finally fixed it that would even be better

I also remove the link to the code in malware research group here (for those that have access to it) after comodo got the copy of it. So please don’t ask me for it :slight_smile: