need to report a vulnerability in java in firefox
Hello, I am managing a website for a client. Noticed today that there are links showing up at the end of one of our pages, but only with FireFox 4.01. Earlier versions and IE to not show the links.
We are thinking it is a java script vulnerability. Just started today. Directions to view it below.
go to americanaexchange.com Click on AEMonthly (top right of the page)
Next page, right on side, in the search box put in Potter, run the search (any search will work but we are using this one)
On the next page click on the Read More button for any of the results.
Next page look at the bottom of the page and you will see all the links for the drug advertisement.
We are checking everything on our end. We have an excellent team that runs the firewall and the security and they are looking.
Again, the links only show up in FireFox 4.01. No other browser, and so far only this page.
If you know of an issue, please let us know.
Additional System Details
Not sure how often
This started when...
- Shockwave Flash 10.3 r181
- Next Generation Java Plug-in 1.6.0_24 for Mozilla browsers
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
- Adobe PDF Plug-In For Firefox and Netscape 10.0.1
- User Agent: Mozilla/5.0 (Windows NT 5.2; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Tested with FireFox 4.01, 64 bit windows and Unix. Both show the links.
Earlier versions for Mac and PC do not show the links. Tried 3.09 and 3.15 version. Links are not there.
Links do not show in any IE versions that we tested.
Let me know if you can help.
Those links are in your page in Firefox 3.6 and IE8, but you can't see them. In those browsers, you can confirm by using their view source feature and searching for:
Because Firefox 4 has a stricter interpretation of HTML, the intended hiding of that content does not work. (Specifically, the code places a <p> inside a <span> which technically is not permitted.)
To compare Firefox 4 without the new rules, you can turn off the HTML5 parser like this:
(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the filter box, type or paste html5 and pause while the list is filtered
(3) Double-click html5.parser.enable to toggle it to false (line should turn bold).
Then reload the problem page and the links should be hidden again.
So this suggests your server application has been exploited, perhaps by an include in one of your templates.
Modified by jscher2000