Firefox Malware Exploit On Linux


12 replies to this topic

#1 buddy215


Posted 07 August 2015 - 09:17 AM

Most will receive Firefox update to 39.0.03....VERY important to install it. Got mine this morning on Ubuntu.

 

Mozilla urges users to update Firefox with file stealing exploit in wild | ZDNet

 

QUOTE a bit of the article:

"The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the 'same origin policy') and Firefox's PDF Viewer," wrote Mozilla security lead Daniel Veditz in a blog post.

"The vulnerability does not enable the execution of arbitrary code, but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files."

According to Veditz, the payload searches for subversion, s3browser, Filezilla, and libpurple configuration files on Windows systems; whereas on Linux, the payload looks through global configuration files in /etc/ as well as .bash_history, .mysql_history, .pgsql_history, .ssh files, any text files with "pass" and "access" in the names, and any shell scripts.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
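
For anyone who browsed with an unpatched Firefox on Linux, a read-only inventory of the files the quoted article lists as targets shows what could have been read. This is an added example, not part of the original post or of Mozilla's advisory; the function names and the reading of "text files" as *.txt are assumptions.

```sh
#!/bin/sh
# Added example: read-only inventory of files under a home directory that
# match the Linux targets listed in the quoted article.
# Output: one "category<TAB>path" line per file. /etc is not scanned.

# Prefix every path read from stdin with a category label.
tag() {
    while IFS= read -r path; do printf '%s\t%s\n' "$1" "$path"; done
}

list_targeted_files() {
    home_dir="${1:-$HOME}"
    {
        # History files named in the article
        for name in .bash_history .mysql_history .pgsql_history; do
            if [ -f "$home_dir/$name" ]; then echo "$home_dir/$name"; fi
        done | tag history

        # Everything under ~/.ssh (keys, config, known_hosts)
        if [ -d "$home_dir/.ssh" ]; then
            find "$home_dir/.ssh" -type f | tag ssh
        fi

        # Assumption: "text files" is read as *.txt, matched case-insensitively
        find "$home_dir" -path "$home_dir/.ssh" -prune -o -type f \
            \( -iname '*pass*.txt' -o -iname '*access*.txt' \) -print | tag named

        # Shell scripts, by extension
        find "$home_dir" -path "$home_dir/.ssh" -prune -o -type f \
            -name '*.sh' -print | tag script
    } 2>/dev/null | sort
}

# Number of files in one category, e.g. count_category "$HOME" ssh
count_category() {
    list_targeted_files "$1" |
        awk -F '\t' -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

# Usage: sh inventory.sh /home/alice   (nothing runs without an argument)
if [ "$#" -gt 0 ]; then
    list_targeted_files "$1"
fi
```

Files in the ssh and history categories are the ones most likely to hold keys or typed passwords.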




#2 NickAu


Posted 07 August 2015 - 05:44 PM

Thanks buddy, when I booted my PC this morning, Ubuntu updated my Firefox.



#3 pcpunk


Posted 07 August 2015 - 06:18 PM

:thumbup2:



 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#4 buddy215


Posted 07 August 2015 - 07:00 PM

pcpunk...I tried to send you a PM but it says...The member pcpunk cannot receive any new messages

You probably need to delete a bunch of PMs...there is only a small storage allotted

 

This is what I tried to send:

You should edit your sig....:)
not begginer...beginner
I know...picky, picky
BUDDY




#5 SuperSapien64


Posted 08 August 2015 - 09:24 PM

But what does this mean for KDE distros like Netrunner? I'm stuck on version 37 yet. And I doubt that a good sandbox would help any against this exploit. BTW buddy215 I really like your avatar. :thumbup2:



#6 buddy215


Posted 08 August 2015 - 09:50 PM

Install a different browser.......disable the built-in pdf reader....two possible fixes. Then there is installing a different distro.

How to disable the built-in PDF viewer and use another viewer | Firefox Help

 

Using the NoScript add-on protects from driveby installs of malware....not sure about this particular piece of malware.

 

Of course, don't visit any Russian websites...particularly news sites...that was the only site mentioned. That could change, though.




#7 NickAu


Posted 08 August 2015 - 10:02 PM

I do not know if this will work in Netrunner or not.

 

This is a trick I pulled to update firefox in puppy Linux a while ago.

 



#8 SuperSapien64


Posted 08 August 2015 - 11:29 PM

I do not know if this will work in Netrunner or not.

 

This is a trick I pulled to update firefox in puppy Linux a while ago.

 

This is what I found on the Netrunner forums, enter:

sudo apt-get update
sudo apt-get install firefox-plasma

but unfortunately that doesn't work for me. And I need the Plasma version of Firefox for KDE.



#9 buddy215


Posted 09 August 2015 - 05:59 AM

You may be able to get the latest by adding this ppa.....releases : “moz-plasma” team

Looks like your version is included...not sure...

 mozilla-kde-support

0.6.4~git20150413+14-0ubuntu0~ppa14~ubuntu14.10.1 moz-plasma (2015-05-07)



#10 SuperSapien64


Posted 09 August 2015 - 11:56 AM

 

You may be able to get the latest by adding this ppa.....releases : “moz-plasma” team

Looks like your version is included...not sure...

 mozilla-kde-support

0.6.4~git20150413+14-0ubuntu0~ppa14~ubuntu14.10.1 moz-plasma (2015-05-07)

 

Thanks buddy215. OK I'll try this https://launchpad.net/~plasmazilla/+archive/ubuntu/releases but before I do that I'm going to install Timeshift but I'm not sure if Timeshift backs up the ppa's or not. And I might wait and see what the Netrunner forums have to say about this ppa.



#11 buddy215


Posted 09 August 2015 - 12:40 PM

It's one of those things that one might want to test either in a VM or on a flash drive with your OS installed as persistent....persistent means it has the ability to retain changes and files up to 4 GB of storage...in case you don't know what persistent means.




#12 pcpunk


Posted 09 August 2015 - 09:13 PM

pcpunk...I tried to send you a PM but it says...The member pcpunk cannot receive any new messages

You probably need to delete a bunch of PMs...there is only a small storage allotted

 

This is what I tried to send:

You should edit your sig.... :)
not begginer...beginner
I know...picky, picky
BUDDY

Done, but not the Sig, I still feel like a beginner!



 


#13 cat1092


Posted 10 August 2015 - 05:10 AM

Buddy, thanks for the heads up! :thumbsup:

 

I have been busy with Windows computers (one not my own) for the last couple of days, haven't booted into Linux installs period, but I do know what that Update symbol means: to update the OS. Firefox happened to be one of the three updates needed.

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 




