X
Tap here to go to the mobile version of the site.

Support Forum

Attack site locks Firefox 31.0 to extort money

Posted

Using release 31.0 on Mavericks OS.

I was somehow attacked and it took me to here: DO NOT OPEN THIS URL: alert24world4xi.us which locks up the Firefox browser (can't close, can't navigate away.) I forced a close only to discover when I relaunched FF I was right back at the attack site and unable to exit.

It is a fake NSA warning that demands money

I had to trash FF and reinstall.

Thanks good people! Another FF security pot hole to fill.

{

 "application": {
   "name": "Firefox",
   "version": "31.0",
   "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0",
   "supportURL": "https://support.mozilla.org/1/firefox/31.0/Darwin/en-US/"
 },
 "crashes": {
   "submitted": [],
   "pending": 0
 },
 "modifiedPreferences": {
   "accessibility.typeaheadfind.flashBar": 0,
   "browser.cache.disk.capacity": 358400,
   "browser.cache.disk.smart_size.first_run": false,
   "browser.cache.frecency_experiment": 4,
   "browser.cache.disk.smart_size.use_old_max": false,
   "browser.cache.disk.smart_size_cached_value": 358400,
   "browser.places.smartBookmarksVersion": 7,
   "browser.search.useDBForOrder": true,
   "browser.sessionstore.upgradeBackup.latestBuildID": "20140716183446",
   "browser.startup.homepage_override.mstone": "31.0",
   "browser.startup.homepage": "about:home",
   "browser.startup.homepage_override.buildID": "20140716183446",
   "browser.tabs.drawInTitlebar": false,
   "dom.w3c_touch_events.expose": false,
   "dom.mozApps.used": true,
   "extensions.lastAppVersion": "31.0",
   "gfx.blacklist.direct2d": 3,
   "gfx.blacklist.layers.direct3d9": 3,
   "keyword.URL": "http://search.yahoo.com/search?fr=spigot-adr-ffmac&ei=utf-8&ilc=12&type=576859&p=",
   "network.cookie.prefsMigrated": true,
   "network.cookie.cookieBehavior": 3,
   "places.history.expiration.transient_current_max_pages": 104858,
   "places.database.lastMaintenance": 1407802141,
   "places.history.expiration.transient_optimal_database_size": 167772160,
   "plugin.state.default browser": 0,
   "plugin.importedState": true,
   "plugin.disable_full_page_plugin_for_types": "application/pdf",
   "privacy.sanitize.timeSpan": 0,
   "privacy.popups.showBrowserMessage": false,
   "privacy.donottrackheader.enabled": true,
   "privacy.sanitize.migrateFx3Prefs": true,
   "security.warn_viewing_mixed": false,
   "storage.vacuum.last.places.sqlite": 1406956416,
   "storage.vacuum.last.index": 1
 },
 "graphics": {
   "numTotalWindows": 2,
   "numAcceleratedWindows": 2,
   "windowLayerManagerType": "OpenGL",
   "windowLayerManagerRemote": true,
   "adapterDescription": "",
   "adapterVendorID": "0x1002",
   "adapterDeviceID": "0x6741",
   "adapterRAM": "",
   "adapterDrivers": "",
   "driverVersion": "",
   "driverDate": "",
   "webglRenderer": "ATI Technologies Inc. -- ATI Radeon HD 6750M OpenGL Engine",
   "info": {
     "AzureCanvasBackend": "quartz",
     "AzureSkiaAccelerated": 0,
     "AzureFallbackCanvasBackend": "none",
     "AzureContentBackend": "quartz"
   }
 },
 "javaScript": {
   "incrementalGCEnabled": true
 },
 "accessibility": {
   "isActive": false,
   "forceDisabled": 0
 },
 "libraryVersions": {
   "NSPR": {
     "minVersion": "4.10.6",
     "version": "4.10.6"
   },
   "NSS": {
     "minVersion": "3.16.2 Basic ECC",
     "version": "3.16.2 Basic ECC"
   },
   "NSSUTIL": {
     "minVersion": "3.16.2",
     "version": "3.16.2"
   },
   "NSSSSL": {
     "minVersion": "3.16.2 Basic ECC",
     "version": "3.16.2 Basic ECC"
   },
   "NSSSMIME": {
     "minVersion": "3.16.2 Basic ECC",
     "version": "3.16.2 Basic ECC"
   }
 },
 "userJS": {
   "exists": false
 },
 "extensions": [
   {
     "name": "Craigslist Peek",
     "version": "0.544",
     "isActive": true,
     "id": "craigslistpeek@tech4computer"
   },
   {
     "name": "DownloadHelper",
     "version": "4.9.23",
     "isActive": true,
     "id": "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}"
   },
   {
     "name": "Troubleshooter",
     "version": "1.1a",
     "isActive": true,
     "id": "troubleshooter@mozilla.org"
   },
   {
     "name": "Adobe Acrobat - Create PDF",
     "version": "1.2",
     "isActive": false,
     "id": "web2pdfextension@web2pdf.adobedotcom"
   },
   {
     "name": "Adobe Contribute Toolbar",
     "version": "6.0",
     "isActive": false,
     "id": "{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}"
   },
   {
     "name": "Craigslist Fusion",
     "version": "9.9.22",
     "isActive": false,
     "id": "craigslistfusion@craigslistfusion.com"
   }
 ],
 "experiments": []

}

TAB

Using release 31.0 on Mavericks OS. I was somehow attacked and it took me to here: DO NOT OPEN THIS URL: alert24world4xi<i></i>.us which locks up the Firefox browser (can't close, can't navigate away.) I forced a close only to discover when I relaunched FF I was right back at the attack site and unable to exit. It is a fake NSA warning that demands money I had to trash FF and reinstall. Thanks good people! Another FF security pot hole to fill. { "application": { "name": "Firefox", "version": "31.0", "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0", "supportURL": "https://support.mozilla.org/1/firefox/31.0/Darwin/en-US/" }, "crashes": { "submitted": [], "pending": 0 }, "modifiedPreferences": { "accessibility.typeaheadfind.flashBar": 0, "browser.cache.disk.capacity": 358400, "browser.cache.disk.smart_size.first_run": false, "browser.cache.frecency_experiment": 4, "browser.cache.disk.smart_size.use_old_max": false, "browser.cache.disk.smart_size_cached_value": 358400, "browser.places.smartBookmarksVersion": 7, "browser.search.useDBForOrder": true, "browser.sessionstore.upgradeBackup.latestBuildID": "20140716183446", "browser.startup.homepage_override.mstone": "31.0", "browser.startup.homepage": "about:home", "browser.startup.homepage_override.buildID": "20140716183446", "browser.tabs.drawInTitlebar": false, "dom.w3c_touch_events.expose": false, "dom.mozApps.used": true, "extensions.lastAppVersion": "31.0", "gfx.blacklist.direct2d": 3, "gfx.blacklist.layers.direct3d9": 3, "keyword.URL": "http://search.yahoo.com/search?fr=spigot-adr-ffmac&ei=utf-8&ilc=12&type=576859&p=", "network.cookie.prefsMigrated": true, "network.cookie.cookieBehavior": 3, "places.history.expiration.transient_current_max_pages": 104858, "places.database.lastMaintenance": 1407802141, "places.history.expiration.transient_optimal_database_size": 167772160, "plugin.state.default browser": 0, "plugin.importedState": true, "plugin.disable_full_page_plugin_for_types": "application/pdf", "privacy.sanitize.timeSpan": 0, "privacy.popups.showBrowserMessage": false, "privacy.donottrackheader.enabled": true, "privacy.sanitize.migrateFx3Prefs": true, "security.warn_viewing_mixed": false, "storage.vacuum.last.places.sqlite": 1406956416, "storage.vacuum.last.index": 1 }, "graphics": { "numTotalWindows": 2, "numAcceleratedWindows": 2, "windowLayerManagerType": "OpenGL", "windowLayerManagerRemote": true, "adapterDescription": "", "adapterVendorID": "0x1002", "adapterDeviceID": "0x6741", "adapterRAM": "", "adapterDrivers": "", "driverVersion": "", "driverDate": "", "webglRenderer": "ATI Technologies Inc. -- ATI Radeon HD 6750M OpenGL Engine", "info": { "AzureCanvasBackend": "quartz", "AzureSkiaAccelerated": 0, "AzureFallbackCanvasBackend": "none", "AzureContentBackend": "quartz" } }, "javaScript": { "incrementalGCEnabled": true }, "accessibility": { "isActive": false, "forceDisabled": 0 }, "libraryVersions": { "NSPR": { "minVersion": "4.10.6", "version": "4.10.6" }, "NSS": { "minVersion": "3.16.2 Basic ECC", "version": "3.16.2 Basic ECC" }, "NSSUTIL": { "minVersion": "3.16.2", "version": "3.16.2" }, "NSSSSL": { "minVersion": "3.16.2 Basic ECC", "version": "3.16.2 Basic ECC" }, "NSSSMIME": { "minVersion": "3.16.2 Basic ECC", "version": "3.16.2 Basic ECC" } }, "userJS": { "exists": false }, "extensions": [ { "name": "Craigslist Peek", "version": "0.544", "isActive": true, "id": "craigslistpeek@tech4computer" }, { "name": "DownloadHelper", "version": "4.9.23", "isActive": true, "id": "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}" }, { "name": "Troubleshooter", "version": "1.1a", "isActive": true, "id": "troubleshooter@mozilla.org" }, { "name": "Adobe Acrobat - Create PDF", "version": "1.2", "isActive": false, "id": "web2pdfextension@web2pdf.adobedotcom" }, { "name": "Adobe Contribute Toolbar", "version": "6.0", "isActive": false, "id": "{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}" }, { "name": "Craigslist Fusion", "version": "9.9.22", "isActive": false, "id": "craigslistfusion@craigslistfusion.com" } ], "experiments": [] } TAB

Modified by cor-el

Additional System Details

Installed Plug-ins

  • Shockwave Flash 14.0 r0
  • Widevine Media Optimizer 6.0.0.12757
  • Version 5.4.2.18903
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.
  • Displays Java applet content, or a placeholder if Java is not installed.
  • Microsoft Office for Mac SharePoint Browser Plug-in
  • 5.1.20913.0
  • Web based SlingPlayer for streaming from Slingbox
  • LastPass Plugin

Application

  • Firefox 31.0
  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0
  • Support URL: https://support.mozilla.org/1/firefox/31.0/Darwin/en-US/

Разширения

  • Craigslist Peek 0.544 (craigslistpeek@tech4computer)
  • DownloadHelper 4.9.23 ({b9db16a4-6edc-47ec-a1f4-b86292ed211d})
  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • Adobe Acrobat - Create PDF 1.2 (web2pdfextension@web2pdf.adobedotcom) (Inactive)
  • Adobe Contribute Toolbar 6.0 ({01A8CA0A-4C96-465b-A49B-65C46FAD54F9}) (Inactive)
  • Craigslist Fusion 9.9.22 (craigslistfusion@craigslistfusion.com) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription:
  • adapterDeviceID: 0x6741
  • adapterDrivers:
  • adapterRAM:
  • adapterVendorID: 0x1002
  • driverDate:
  • driverVersion:
  • info: {u'AzureContentBackend': u'quartz', u'AzureCanvasBackend': u'quartz', u'AzureFallbackCanvasBackend': u'none', u'AzureSkiaAccelerated': 0}
  • numAcceleratedWindows: 2
  • numTotalWindows: 2
  • webglRenderer: ATI Technologies Inc. -- ATI Radeon HD 6750M OpenGL Engine
  • windowLayerManagerRemote: True
  • windowLayerManagerType: OpenGL

Modified Preferences

  • accessibility.typeaheadfind.flashBar: 0
  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.cache.frecency_experiment: 4
  • browser.places.smartBookmarksVersion: 7
  • browser.search.useDBForOrder: True
  • browser.sessionstore.upgradeBackup.latestBuildID: 20140716183446
  • browser.startup.homepage: about:home
  • browser.startup.homepage_override.buildID: 20140716183446
  • browser.startup.homepage_override.mstone: 31.0
  • browser.tabs.drawInTitlebar: False
  • dom.mozApps.used: True
  • dom.w3c_touch_events.expose: False
  • extensions.lastAppVersion: 31.0
  • gfx.blacklist.direct2d: 3
  • gfx.blacklist.layers.direct3d9: 3
  • keyword.URL: http://search.yahoo.com/search?fr=spigot-adr-ffmac&ei=utf-8&ilc=12&type=576859&p=
  • network.cookie.cookieBehavior: 3
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1407802141
  • places.history.expiration.transient_current_max_pages: 104858
  • places.history.expiration.transient_optimal_database_size: 167772160
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • plugin.state.default browser: 0
  • privacy.donottrackheader.enabled: True
  • privacy.popups.showBrowserMessage: False
  • privacy.sanitize.migrateFx3Prefs: True
  • privacy.sanitize.timeSpan: 0
  • security.warn_viewing_mixed: False
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1406956416

Misc

  • User JS: No
  • Accessibility: No
FredMcD
  • Top 10 Contributor
900 solutions 13295 answers

The hole has been filled;

disallow Script Button {web link} The Disallow Script button looks like a letter "M" and the title is the Minus Script, drag and drop the button on a toolbar. If the button is not displayed then nothing operates, except rules for plugins.

The hole has been filled; '''[https://addons.mozilla.org/en-US/firefox/addon/disallow-script-button/ disallow Script Button]''' {web link} The Disallow Script button looks like a letter "M" and the title is the Minus Script, drag and drop the button on a toolbar. If the button is not displayed then nothing operates, except rules for plugins.