Overclock.net › Forums › Industry News › Software News › Cross-browser Firefox/IE flaw worsens
New Posts  All Forums:Forum Nav:

Cross-browser Firefox/IE flaw worsens

post #1 of 10
Thread Starter 
Quote:
The browser flaw which allows attackers to hijack a computer by using Internet Explorer to launch Firefox is affecting other applications as well.

Security researchers Nate McFeters, Billy Rios and Raghav Dube have disclosed information and working exploit code for a similar vulnerability in Trillian.

Like the Firefox attack, the Trillian exploit uses a Uniform Resource Identifier (URI) function as the point of attack.

The URI allows the browser to launch a third-party application on the user's system in much the same way that a URL is used to access a web page...
http://www.vnunet.com/vnunet/news/21...r-flaw-expands
|Jolly Roger|
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q9650 @ 4.05GHz Gigabyte GA-EP45-UD3R Rev. 1.1 BFG GTX 280 8GB OCZ Reaper PC2-8500 
Hard DriveOptical DriveOSMonitor
1TB WD Black FALS | 1.5TB SG | 500GB WD Caviar Pioneer DVD-RW/CD-RW Windows 7 Ultimate x64 27" LED & 22" LCD 
KeyboardPowerCaseMouse
Logitech G15 v2 (Orange Back lit) Corsair 750TX NZXT Zero (Full Tower w/8 120mm Fans) MX518 (aka G3) and G5 
Mouse Pad
Bitch please... 
  hide details  
Reply
|Jolly Roger|
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q9650 @ 4.05GHz Gigabyte GA-EP45-UD3R Rev. 1.1 BFG GTX 280 8GB OCZ Reaper PC2-8500 
Hard DriveOptical DriveOSMonitor
1TB WD Black FALS | 1.5TB SG | 500GB WD Caviar Pioneer DVD-RW/CD-RW Windows 7 Ultimate x64 27" LED & 22" LCD 
KeyboardPowerCaseMouse
Logitech G15 v2 (Orange Back lit) Corsair 750TX NZXT Zero (Full Tower w/8 120mm Fans) MX518 (aka G3) and G5 
Mouse Pad
Bitch please... 
  hide details  
Reply
post #2 of 10
something like that would be all to easy to do in a java applet. there are many ways of opening other applications in java and i'm sure in other languages as well.
post #3 of 10
Hurry everyone, uninstall all of your communication programs before someone can hijack you! In fact, take it a step further and disconnect yourself from the internet before you can by hijacked.

I think the issue is more that people just don't adequately secure themselves from ignorance in this matter. There will ALWAYS be security holes in all programs that can be used to do whatever someone wants to do with your computer... You merely need to learn how to protect all of the chance of having a flaw used against you.
post #4 of 10
Cross-app exploits like this are always hard to pinpoint which side is at blame.

On a side note - Firefox Portable is immune! (for obvious reasons. )
     
CPUMotherboardGraphicsRAM
FX-8350 @ 4.6ghz 1.425v Sabertooth 990FX Zotac GTX 1070 Amp! 32GB (4x8GB) Kingston Fury 1866mhz CL10 1T 1.5v 
Hard DriveHard DriveHard DriveHard Drive
Hitachi 2TB - HDS723020BLA64 Crucial M500 960GB - CT960M500SSD1 WD 4TB Black - WD4001FAEX WD 4TB Black - WD4001FAEX 
Hard DriveHard DriveHard DriveHard Drive
Seagate 2TB - ST2000DM001 WD 640GB Black - WD6401AALS Seagate 6TB - ST6000DM001 Micron M500 - MTFDDAK480MAV 
Optical DriveOptical DriveOptical DriveOptical Drive
Pioneer DVR-115DBK Samsung SH-S243D/BEBE LG GH22NS90 Lite-On EBAU108 External DVD 
CoolingCoolingCoolingOS
Noctua NH-D15 Fractal Design 140mm Fan - FD-FAN-140 Fractal Design 120mm Fan - FD-FAN-120 Windows 7 
OSMonitorMonitorKeyboard
Ubuntu 14.04 LTS Samsung 2343BWX 23" (2048x1152) BenQ GW2765HT 27" IPS LCD Monitor (2560x1440) Genius Keyboard KB-G235 PA 
PowerCaseMouseMouse Pad
Seasonic Platinum 1000w PSU - SS-1000XP Fractal Design Define R5 Steelseries Rival 6500 dcpi Mousepad + Desk 
AudioAudioOtherOther
Onboard Realtek® ALC 892 Cyber Acoustics CA-2992 2.0 Speakers Razer Krait 1600 DPI nGear G-C1601 Card Reader 
OtherOther
Pisen Card Reader Gigabyte M7 Thor 
CPUMotherboardGraphicsRAM
VIA Eden C7 1200mhz Jetway J7F4K1G2ES-LF VIA Onboard 512MB PC2-4200 
Hard DriveOptical DriveCoolingOS
A-Data FlashDrive None Fanless Linux 
MonitorKeyboardPowerCase
Headless None 65w Power Brick Antec ISK300-65 
MouseAudio
None Onboard VIA 
CPUMotherboardGraphicsRAM
Barton XP-M 2400+ FJQ4C Asus A7N8X-E Deluxe 256MB BFG 7800GS OC 2x512MB Samsung PC3200 
Hard DriveOSMonitorKeyboard
Raptor 74GB/Seagate 120GB Windows 2000 Pro 60hz 17" CRT Brandless PS2 Keyboard 
PowerMouse
Antec Neo HE 550w Logitech G5 
  hide details  
Reply
     
CPUMotherboardGraphicsRAM
FX-8350 @ 4.6ghz 1.425v Sabertooth 990FX Zotac GTX 1070 Amp! 32GB (4x8GB) Kingston Fury 1866mhz CL10 1T 1.5v 
Hard DriveHard DriveHard DriveHard Drive
Hitachi 2TB - HDS723020BLA64 Crucial M500 960GB - CT960M500SSD1 WD 4TB Black - WD4001FAEX WD 4TB Black - WD4001FAEX 
Hard DriveHard DriveHard DriveHard Drive
Seagate 2TB - ST2000DM001 WD 640GB Black - WD6401AALS Seagate 6TB - ST6000DM001 Micron M500 - MTFDDAK480MAV 
Optical DriveOptical DriveOptical DriveOptical Drive
Pioneer DVR-115DBK Samsung SH-S243D/BEBE LG GH22NS90 Lite-On EBAU108 External DVD 
CoolingCoolingCoolingOS
Noctua NH-D15 Fractal Design 140mm Fan - FD-FAN-140 Fractal Design 120mm Fan - FD-FAN-120 Windows 7 
OSMonitorMonitorKeyboard
Ubuntu 14.04 LTS Samsung 2343BWX 23" (2048x1152) BenQ GW2765HT 27" IPS LCD Monitor (2560x1440) Genius Keyboard KB-G235 PA 
PowerCaseMouseMouse Pad
Seasonic Platinum 1000w PSU - SS-1000XP Fractal Design Define R5 Steelseries Rival 6500 dcpi Mousepad + Desk 
AudioAudioOtherOther
Onboard Realtek® ALC 892 Cyber Acoustics CA-2992 2.0 Speakers Razer Krait 1600 DPI nGear G-C1601 Card Reader 
OtherOther
Pisen Card Reader Gigabyte M7 Thor 
CPUMotherboardGraphicsRAM
VIA Eden C7 1200mhz Jetway J7F4K1G2ES-LF VIA Onboard 512MB PC2-4200 
Hard DriveOptical DriveCoolingOS
A-Data FlashDrive None Fanless Linux 
MonitorKeyboardPowerCase
Headless None 65w Power Brick Antec ISK300-65 
MouseAudio
None Onboard VIA 
CPUMotherboardGraphicsRAM
Barton XP-M 2400+ FJQ4C Asus A7N8X-E Deluxe 256MB BFG 7800GS OC 2x512MB Samsung PC3200 
Hard DriveOSMonitorKeyboard
Raptor 74GB/Seagate 120GB Windows 2000 Pro 60hz 17" CRT Brandless PS2 Keyboard 
PowerMouse
Antec Neo HE 550w Logitech G5 
  hide details  
Reply
post #5 of 10
Quote:
Originally Posted by Kramy View Post
Cross-app exploits like this are always hard to pinpoint which side is at blame.</sarcasm>

On a side note - Firefox Portable is immune! (for obvious reasons. )
fixed. IE=ftl. thats it. i am sick of making a perfect web page and redesigning the css using clunky javascript (switches stylesheets by browser) to make a ****ty version that works on IE6 whereas my good version works only on IE7 and FF. I DO ADMIT that IE7 is better, much better, but background image caching?! I mean come on!!! even IE 5.x DIDNT HAVE THE PROBLEM and no other browsers old or new have it but IE6/7.
    
CPUMotherboardGraphicsRAM
E6400 @ 3.6 GHz (450X8) GA P965 S3 7600GT 2GB OCZ Gold @ DDR 2 900 5-5-5-15 
Hard DriveOptical DriveMonitorPower
320GB Maxtor SATA2, 160 for XP, 160 for Slackware DVD+-RW EIDE 21" CRT by Sun Microsystems 680W Echostar 22A on 12V rail 
CaseMouse
Rosewill Black small Mid-T G5 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
E6400 @ 3.6 GHz (450X8) GA P965 S3 7600GT 2GB OCZ Gold @ DDR 2 900 5-5-5-15 
Hard DriveOptical DriveMonitorPower
320GB Maxtor SATA2, 160 for XP, 160 for Slackware DVD+-RW EIDE 21" CRT by Sun Microsystems 680W Echostar 22A on 12V rail 
CaseMouse
Rosewill Black small Mid-T G5 
  hide details  
Reply
post #6 of 10
Use Opera
-
(13 items)
 
  
CPUMotherboardGraphicsRAM
C2D 8400 / Intel Core Duo T2400 GA-G31M-S2L / Intel ATI 4850 / 7800 GT 2GB ddr2 / 2GB ddr2 
Hard DriveOptical DriveOSMonitor
2x 320Gb WD / 2x 160GB Seagate Samsung / Matsushitsu XP SP2 / Vista / Ubuntu Viewsonic 22" / 17" wide 
KeyboardPowerCaseMouse
Logitech Cheftec 500W X / Laptop Antec P180B /Laptop Logitech G5 / A4Tech X7 
Mouse Pad
Glass 
  hide details  
Reply
-
(13 items)
 
  
CPUMotherboardGraphicsRAM
C2D 8400 / Intel Core Duo T2400 GA-G31M-S2L / Intel ATI 4850 / 7800 GT 2GB ddr2 / 2GB ddr2 
Hard DriveOptical DriveOSMonitor
2x 320Gb WD / 2x 160GB Seagate Samsung / Matsushitsu XP SP2 / Vista / Ubuntu Viewsonic 22" / 17" wide 
KeyboardPowerCaseMouse
Logitech Cheftec 500W X / Laptop Antec P180B /Laptop Logitech G5 / A4Tech X7 
Mouse Pad
Glass 
  hide details  
Reply
post #7 of 10
Well in all fairness I use my internet responsibly, it is serious business, but I still caught this thing form out of no where. It just showed up one morning and took me a few hours to figure out. So even someone being cautious about these things can catch it.
Mira
(17 items)
 
R a z a N e u n
(15 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core i5 2400S ASRock Z77 Extreme 4 AMD Radeon R9 390 Crucial Ballistix Tracer 
Hard DriveHard DriveOptical DriveCooling
Samsung SSD 850 Pro 256GB Western Digital WD50000LPLX LG BR/DVD/CD Burner Air Nation 
OSMonitorMonitorMonitor
Windows 10 Home RCA 32" 1080p RCA 32" 1080p LG 32" 1080p 
KeyboardPowerCaseMouse
Cooler Master Devastator II Ultra 1000w PC Voodoo Rage Cooler Master Devastator II 
Mouse Pad
Custom 
CPUMotherboardGraphicsRAM
Intel Core 2 Quad Q8400 EP45-UD3L ATI Radeon HD 6950 Crucial Ballistix Tracer 
Hard DriveOptical DriveCoolingOS
1TB Western Digital LiteON DVD+-RW ArcticCooling CPU | 4x 80mm Case Fans Windows 7 Ultimate (64bit) 
MonitorKeyboardPowerCase
Sony 46" + LG 32" Logitech G15 Silverstone ST60F 600W VoodooPC Rage D:100 
MouseMouse PadAudio
Logitech VX Revolution Vera Wang AltecLansing 5.1 300W Surround 
  hide details  
Reply
Mira
(17 items)
 
R a z a N e u n
(15 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core i5 2400S ASRock Z77 Extreme 4 AMD Radeon R9 390 Crucial Ballistix Tracer 
Hard DriveHard DriveOptical DriveCooling
Samsung SSD 850 Pro 256GB Western Digital WD50000LPLX LG BR/DVD/CD Burner Air Nation 
OSMonitorMonitorMonitor
Windows 10 Home RCA 32" 1080p RCA 32" 1080p LG 32" 1080p 
KeyboardPowerCaseMouse
Cooler Master Devastator II Ultra 1000w PC Voodoo Rage Cooler Master Devastator II 
Mouse Pad
Custom 
CPUMotherboardGraphicsRAM
Intel Core 2 Quad Q8400 EP45-UD3L ATI Radeon HD 6950 Crucial Ballistix Tracer 
Hard DriveOptical DriveCoolingOS
1TB Western Digital LiteON DVD+-RW ArcticCooling CPU | 4x 80mm Case Fans Windows 7 Ultimate (64bit) 
MonitorKeyboardPowerCase
Sony 46" + LG 32" Logitech G15 Silverstone ST60F 600W VoodooPC Rage D:100 
MouseMouse PadAudio
Logitech VX Revolution Vera Wang AltecLansing 5.1 300W Surround 
  hide details  
Reply
post #8 of 10
Quote:
Originally Posted by Vicious-Deeds View Post
Use Opera
I 2nd that.
Work in progress
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 DFI DK P35-T2RS ASUS 6600GT 3GB CORSAIR XMS2 
Hard DriveOptical DriveOSMonitor
WD 250GB x 2 Samsung Sabayon_Vista_XP AL2216W 
KeyboardPowerCaseMouse
Logitech 967557 CORSAIR 550VX Centurion 5 MX518 
  hide details  
Reply
Work in progress
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 DFI DK P35-T2RS ASUS 6600GT 3GB CORSAIR XMS2 
Hard DriveOptical DriveOSMonitor
WD 250GB x 2 Samsung Sabayon_Vista_XP AL2216W 
KeyboardPowerCaseMouse
Logitech 967557 CORSAIR 550VX Centurion 5 MX518 
  hide details  
Reply
post #9 of 10
How many viruses have spawned from that function? I lost count.
Lee XT
(17 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX-6300 Asus M5A97 SAPPHIRE Radeon HD 7850 AMD 4GB DDR3 1333MHZ 
RAMRAMRAMHard Drive
AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ OCZ Vertex 4 256GB 
CoolingOSMonitorKeyboard
Corsair H80 Windows 8.1 Pro MCE Dell P2414H WHXV7  Microsoft Generic 
PowerCaseMouseMouse Pad
Ultra 600W Limited Edition NZXT Black Steel Razer Deathadder Razer Goliath 
Audio
Realtek HD Audio 
  hide details  
Reply
Lee XT
(17 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX-6300 Asus M5A97 SAPPHIRE Radeon HD 7850 AMD 4GB DDR3 1333MHZ 
RAMRAMRAMHard Drive
AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ OCZ Vertex 4 256GB 
CoolingOSMonitorKeyboard
Corsair H80 Windows 8.1 Pro MCE Dell P2414H WHXV7  Microsoft Generic 
PowerCaseMouseMouse Pad
Ultra 600W Limited Edition NZXT Black Steel Razer Deathadder Razer Goliath 
Audio
Realtek HD Audio 
  hide details  
Reply
post #10 of 10
I had Trojan.Vundo (or Virtumundo).

You can use Dr.WEB CureIt! and your Windows CD/DVD to get rid of it.

To prevent it happening again I went to Default Programs wizard and set Firefox as my browser and blocked access to Internet Explorer.
Mira
(17 items)
 
R a z a N e u n
(15 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core i5 2400S ASRock Z77 Extreme 4 AMD Radeon R9 390 Crucial Ballistix Tracer 
Hard DriveHard DriveOptical DriveCooling
Samsung SSD 850 Pro 256GB Western Digital WD50000LPLX LG BR/DVD/CD Burner Air Nation 
OSMonitorMonitorMonitor
Windows 10 Home RCA 32" 1080p RCA 32" 1080p LG 32" 1080p 
KeyboardPowerCaseMouse
Cooler Master Devastator II Ultra 1000w PC Voodoo Rage Cooler Master Devastator II 
Mouse Pad
Custom 
CPUMotherboardGraphicsRAM
Intel Core 2 Quad Q8400 EP45-UD3L ATI Radeon HD 6950 Crucial Ballistix Tracer 
Hard DriveOptical DriveCoolingOS
1TB Western Digital LiteON DVD+-RW ArcticCooling CPU | 4x 80mm Case Fans Windows 7 Ultimate (64bit) 
MonitorKeyboardPowerCase
Sony 46" + LG 32" Logitech G15 Silverstone ST60F 600W VoodooPC Rage D:100 
MouseMouse PadAudio
Logitech VX Revolution Vera Wang AltecLansing 5.1 300W Surround 
  hide details  
Reply
Mira
(17 items)
 
R a z a N e u n
(15 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core i5 2400S ASRock Z77 Extreme 4 AMD Radeon R9 390 Crucial Ballistix Tracer 
Hard DriveHard DriveOptical DriveCooling
Samsung SSD 850 Pro 256GB Western Digital WD50000LPLX LG BR/DVD/CD Burner Air Nation 
OSMonitorMonitorMonitor
Windows 10 Home RCA 32" 1080p RCA 32" 1080p LG 32" 1080p 
KeyboardPowerCaseMouse
Cooler Master Devastator II Ultra 1000w PC Voodoo Rage Cooler Master Devastator II 
Mouse Pad
Custom 
CPUMotherboardGraphicsRAM
Intel Core 2 Quad Q8400 EP45-UD3L ATI Radeon HD 6950 Crucial Ballistix Tracer 
Hard DriveOptical DriveCoolingOS
1TB Western Digital LiteON DVD+-RW ArcticCooling CPU | 4x 80mm Case Fans Windows 7 Ultimate (64bit) 
MonitorKeyboardPowerCase
Sony 46" + LG 32" Logitech G15 Silverstone ST60F 600W VoodooPC Rage D:100 
MouseMouse PadAudio
Logitech VX Revolution Vera Wang AltecLansing 5.1 300W Surround 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › Cross-browser Firefox/IE flaw worsens