Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Firefox Spyware infects IE?

  • Please log in to reply
4 replies to this topic

#1 Ronbo


  • Members
  • 333 posts
  • Gender:Male
  • Location:Directly above the center of the Earth
  • Local time:12:58 PM

Posted 13 March 2005 - 05:49 PM

I have been watching this issue unfold since last Wednesday and am really surprised it has not been posted here yet. BC's own paperghost has documented a method by which IE is attacked through browsers such as Mozilla, Firefox, Netscape, and Avant if the user has Sun Java Runtime Environment installed on their computer.

This attack occurs because

The developers of this install are using the Java Runtime Environment, the initial installer taking the form of a Java applet rather than an Active X component inherent to IE alone. In this way, if the browser being used can recognize and install the applet, then it doesn't seem to matter what browser you're using, or (more worryingly) how tight your IE security is.


I would recommend reading paperghost's article at the above link for the full story and don't forget to read the comments posted in response to it.

Here is a link to spywareinfo's newsletter where some people who appear to be in denial of the true meaning of this issue are basically slamming paperghost.


It is rather disheartening that some parts of the Mozilla/Firefox community are resorting to such tactics as you see in the spywareinfo article and some of the comments in response to the original blog, but it is unfortunately understandable given the well known human trait to shoot the messenger while denying the obvious. Right now that messenger appears to be paperghost.

Here are links to his response to this article at both Vital Security and Spywareinfo:

paperghost's blog:

spywareinfo forums:

I am writing this to tell paperghost that he is doing a good job, some of us understand what is going on, keep a stiff upper lip and the truth will win out in the end. :thumbsup:

By the way, sorry to steal your title but it does catch the eye like a good article's title should. :flowers:
There is no justice, there is just us.

BC AdBot (Login to Remove)


#2 tg1911


    Lord Spam Magnet

  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:11:58 AM

Posted 13 March 2005 - 08:17 PM

And if the user clicks the YES botton, to allow the install.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 Grinler


    Lawrence Abrams

  • Admin
  • 43,639 posts
  • Gender:Male
  • Location:USA
  • Local time:01:58 PM

Posted 13 March 2005 - 10:05 PM

I agree. I do not think there is anything wrong with Paperghost's analysis and it is cleary stated that this is a cross-browser/java issue and not a problem with Firefox itself.

Oh well, there will always be some people who have to take a different stance for whatever their reasons.

#4 harrywaldron


    Security Reporter

  • Members
  • 509 posts
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:01:58 PM

Posted 14 March 2005 - 06:53 AM

Below is a copy of my comments from yesterday in the security AumHa forums on this topic

Excellent comments - as there is no such thing as a safe browser.

Personally, I use Firefox 1.0.1 and Opera 8 beta as complementary browsers to IE. It's mainly to test out newly developed web pages for compatibility and for some of the state-of-the-art features they offer. It ain't because I see IE being a lot less secure.

Still, a "hardened" IE from a security perspective remains my default browser and I just simply use the others as tools. IE is more than a browser as it's the underlying Windows interface to TCP/IP related Internet processing (so those who uninstall and rip out IE are asking for trouble). You can see this in a 43MB install base verses 4.6MB for Firefox or 3.5MB for Opera 8 (the free adbar version).

Currently, Opera and Firefox can be seen as being a little safer than IE from a security perspective, mainly because there are very few in-the-wild exploits or even adware/spyware that impacts either browser. Still, when it comes down to the actual code, anything can be vulnerable and thus security firms are uncovering these as noted by Secunia and other firms.

IE is UNSAFE if you fail to keep it updated from a security perspective (so are the other browsers, as you have to patch the roof before it rains). Also, Microsoft has some bad "out-of-the-box" default settings (e.g., automatically allowing signed ActiveX objects to be transparently installed) that can be easily adjusted. Here's a link:

Internet Explorer - Quick & Easy Method to improve security

Finally, the most important thing a user can do is "think before they click" as there are 40-50 new viruses created daily and new adware/spyware exploits emerging. As Firefox continues to grow in popularity beyond it's 27 million user base, I'm certain that malicious folks will start attacking it even more so in the future.

#5 paperghost


  • Members
  • 156 posts
  • Gender:Male
  • Local time:12:58 PM

Posted 14 March 2005 - 10:07 AM

hi Harry - do you have the link to the topic on that particular forum?

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users