X
Tap here to go to the mobile version of the site.

Fóram Tacaíochta

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

Firefox and Thunderbird creates CGLog files in /tmp on my Mac. It contains a lot of info related to keyboard and mouse (keys, scrolls, clicks!) I am concerned!

Postáilte

These files mostly contains following lines:

Firefox and Thunderbird creates CGLog files in /tmp on my Mac. It contains a lot of info related to keyboard and mouse (keys, scrolls, clicks!) I am concerned!

--- flushing event log at XXXX.XXXXXXXX --- 432138.5090574 (Firefox): CGSGetNextEventRecordInternal: XXXX.XXXXXX loc (-XXXX, XXXX) conn 0xXXXXX MouseMoved win 0xXXXX (click 1)

and the most scaring:

XXXX.XXXXX (Firefox): CGSGetNextEventRecordInternal: XXXX.XXXXX loc (xxx.xx, xxx.xx) conn 0xXXX KeyDown win 0x0 flags 0xa00100 set 252 char 63233; key 125 data -2303 special 0 repeat 0 keybd 44

Why it happens? Is it dangerous? How can I turn it off?

I saw that on the latest Firefox release for Mac and on Firefox ESR 31.2.0 for Mac I saw that on Thunderbird release for Mac 31.2.0

These files mostly contains following lines: Firefox and Thunderbird creates CGLog files in /tmp on my Mac. It contains a lot of info related to keyboard and mouse (keys, scrolls, clicks!) I am concerned! --- flushing event log at XXXX.XXXXXXXX --- 432138.5090574 (Firefox): CGSGetNextEventRecordInternal: XXXX.XXXXXX loc (-XXXX, XXXX) conn 0xXXXXX MouseMoved win 0xXXXX (click 1) and the most scaring: XXXX.XXXXX (Firefox): CGSGetNextEventRecordInternal: XXXX.XXXXX loc (xxx.xx, xxx.xx) conn 0xXXX KeyDown win 0x0 flags 0xa00100 set 252 char 63233; key 125 data -2303 special 0 repeat 0 keybd 44 Why it happens? Is it dangerous? How can I turn it off? I saw that on the latest Firefox release for Mac and on Firefox ESR 31.2.0 for Mac I saw that on Thunderbird release for Mac 31.2.0

Tuilleadh mionsonraí faoin chóras

Feidhmchlár

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) Version/8.0 Safari/600.1.25

Tuilleadh Eolais

FredMcD
  • Top 10 Contributor
4229 réiteach 59022 freagra

Freagra Cabhrach

You can start with this;

Possible Mal-Ware Scan For Macs {web link}

You can start with this; '''[https://support.mozilla.org/en-US/forums/support-forum-contributors/710576 Possible Mal-Ware Scan For Macs]''' {web link}

Freagra Cabhrach

I checked my mac with Avira Antivirus - it found no threats. I performed Firefox Reset and started with vanilla new profile. I have only three add-ons active at the moment: lastpass, ghostery and abp.

Today I discovered again CGLog_Firefox and CGLog_Thunderbird in my mac's tmp folder

I checked my mac with Avira Antivirus - it found no threats. I performed Firefox Reset and started with vanilla new profile. I have only three add-ons active at the moment: lastpass, ghostery and abp. Today I discovered again CGLog_Firefox and CGLog_Thunderbird in my mac's tmp folder

Athraithe ag ssk1000 ar

FredMcD
  • Top 10 Contributor
4229 réiteach 59022 freagra

I found this. Don't know if this is related.

http://cglog.sourceforge.net/ This project is hosted by SourceForge.net. The project team describes it as:


http://systemexplorer.net/file-database/file/cglog-dll. Our database contains 2 different files for filename cglog.dl


VIRUS ? ? ? ? ?

https://forums.malwarebytes.org/index.php?/topic/60793-please-help-remove-cglogsdat-xxxxxx-uuuuuu/ Please help me.. I can't seem to find a solution to this virus


http://www.trojaner-board.de/88414-malware-trace-cglogs-dat-uuu-uuu-xxx-xxx.html

ich hab Malware auf meine Laptop. (I have malware on my laptop.)

I found this. Don't know if this is related. http://cglog.sourceforge.net/ This project is hosted by SourceForge.net. The project team describes it as: http://systemexplorer.net/file-database/file/cglog-dll. Our database contains 2 different files for filename cglog.dl ----------------- '''VIRUS ? ? ? ? ?''' https://forums.malwarebytes.org/index.php?/topic/60793-please-help-remove-cglogsdat-xxxxxx-uuuuuu/ Please help me.. I can't seem to find a solution to this virus http://www.trojaner-board.de/88414-malware-trace-cglogs-dat-uuu-uuu-xxx-xxx.html ich hab Malware auf meine Laptop. (I have malware on my laptop.)
FredMcD
  • Top 10 Contributor
4229 réiteach 59022 freagra

I have called in the big guys. Please wait for them to answer.

I have called in the big guys. Please wait for them to answer.
mbert 0 réiteach 6 freagra

No reply so far :(

I recently noticed those /tmp/CGLog_Firefox_<pid> files on my Mac, too. I feel deeply concerned because they contain sensitive data.

I have now downgraded to FF 31.0 which seems (so far) the latest FF version that does not produce these files - at least it hasn't since I installed it 10 minutes ago, all more recent ones had by this time already created these files.

Please, can you give us feedback on this?

No reply so far :( I recently noticed those /tmp/CGLog_Firefox_<pid> files on my Mac, too. I feel deeply concerned because they contain sensitive data. I have now downgraded to FF 31.0 which seems (so far) the latest FF version that does not produce these files - at least it hasn't since I installed it 10 minutes ago, all more recent ones had by this time already created these files. Please, can you give us feedback on this?

Úinéir na ceiste

I scanned my system with few different anti-viral scanners and found no malware.

I downgraded to Firefox ESR 31.2.0 but it still creates CGLog_Firefox_<pid> files in /tmp

And these files still contains key presses and clicks! Seems like I should try to upgrade to ESR 31.0, like mbert suggests and see what will happens there

UPDATE: Firefox ESR 31.0 also produce CGLog_Firefox_<pid> files. Now trying to check from absolutely fresh install, with no addons, extensions, etc

I scanned my system with few different anti-viral scanners and found no malware. I downgraded to Firefox ESR 31.2.0 but it still creates CGLog_Firefox_<pid> files in /tmp And these files still contains key presses and clicks! Seems like I should try to upgrade to ESR 31.0, like mbert suggests and see what will happens there UPDATE: Firefox ESR 31.0 also produce CGLog_Firefox_<pid> files. Now trying to check from absolutely fresh install, with no addons, extensions, etc

Athraithe ag ssk1000 ar

FredMcD
  • Top 10 Contributor
4229 réiteach 59022 freagra

I doubt this will do anything, but;

Use your file browser, and flag those files as Read Only. Maybe whatever is making these will send an error.

I doubt this will do anything, but; Use your file browser, and flag those files as '''Read Only.''' Maybe whatever is making these will send an error.
mbert 0 réiteach 6 freagra

That won't help, because for each new process a new file is created (the process ID is part of the file name).

This behaviour is a bug that has been fixed ( https://bugzilla.mozilla.org/show_bug.cgi?id=1092855 ), let's see when the fix makes it into production code.

EDIT: no it hasn't, see my comment below!

That won't help, because for each new process a new file is created (the process ID is part of the file name). This behaviour is a bug that has been fixed ( https://bugzilla.mozilla.org/show_bug.cgi?id=1092855 ), let's see when the fix makes it into production code. EDIT: no it hasn't, see my comment below!

Athraithe ag mbert ar

Úinéir na ceiste

I registered on Bugzilla, but they said that I am not authorized to access this bug. Could you please post, what is this issue about?

I registered on Bugzilla, but they said that I am not authorized to access this bug. Could you please post, what is this issue about?
mbert 0 réiteach 6 freagra

I think the link above is broken (there's a closing bracket messing up things). Try this link: https://bugzilla.mozilla.org/show_bug.cgi?id=1092855 I think it should be public.

Having read over it again it seems like my original statement above (that the bug was already fixed) is incorrect. The bug has the following tracking flags:

tracking-firefox33: - status-firefox33: wontfix tracking-firefox34: + status-firefox34: verified tracking-firefox35: + status-firefox35: verified tracking-firefox36: + status-firefox36: verified status-firefox-esr31: fixed

That indicates that it does not occur on FF ESR 31, that it won't be fixed in FF 33 (current), and that no fixes are yet committed for upcoming releases.

The problem sessms to arise from the combination of yosemite and some libraries used. There is nothing malicious about it, but the fact of that file existing in your /tmp/ folder is nevertheless unacceptable and needs to be fixed.

I for myself will continue using FF 31 until the bug has been fixed in a forthcoming release.

I think the link above is broken (there's a closing bracket messing up things). Try this link: https://bugzilla.mozilla.org/show_bug.cgi?id=1092855 I think it should be public. Having read over it again it seems like my original statement above (that the bug was already fixed) is incorrect. The bug has the following tracking flags: tracking-firefox33: - status-firefox33: wontfix tracking-firefox34: + status-firefox34: verified tracking-firefox35: + status-firefox35: verified tracking-firefox36: + status-firefox36: verified status-firefox-esr31: fixed That indicates that it does not occur on FF ESR 31, that it won't be fixed in FF 33 (current), and that no fixes are yet committed for upcoming releases. The problem sessms to arise from the combination of yosemite and some libraries used. There is nothing malicious about it, but the fact of that file existing in your /tmp/ folder is nevertheless unacceptable and needs to be fixed. I for myself will continue using FF 31 until the bug has been fixed in a forthcoming release.
the-edmeister
  • Top 25 Contributor
  • Moderator
5395 réiteach 40089 freagra

https://bugzilla.mozilla.org/show_bug.cgi?id=1092855 is showing Access Denied for me today.

https://bugzilla.mozilla.org/show_bug.cgi?id=1092855 is showing '''Access Denied''' for me today.
mbert 0 réiteach 6 freagra

OK, so it seems the bug entry is indeed not public. Sorry, as I have access to it I expected everybody else to have. (maybe registering on the bugtracker will help)

But, really, it's not terribly interesting - it gives some technical background of interest to developers and the relevant infrormation is:

  • it's not by itself malicious
  • it can pose a risk to privacy if others gain access to your file system (e.g. through malware)
  • this effect can be observed with FF 32.0 and better in combination with OSX 10.10 (yosemite), other versions don't seem to be affected
  • it is not yet fixed for upcoming versions

I for myself have downgraded FF and will continue using my old version until the bug is fixed.

OK, so it seems the bug entry is indeed not public. Sorry, as I have access to it I expected everybody else to have. (maybe registering on the bugtracker will help) But, really, it's not terribly interesting - it gives some technical background of interest to developers and the relevant infrormation is: * it's not by itself malicious * it can pose a risk to privacy if others gain access to your file system (e.g. through malware) * this effect can be observed with FF 32.0 and better in combination with OSX 10.10 (yosemite), other versions don't seem to be affected * it is not yet fixed for upcoming versions I for myself have downgraded FF and will continue using my old version until the bug is fixed.

Athraithe ag mbert ar

mbert 0 réiteach 6 freagra

A little update:

  • According to the developers this bug is actually not an FF bug but a bug in OSX
  • They are working on a workaround
  • No announcement yet on when it will be available.
A little update: * According to the developers this bug is actually not an FF bug but a bug in OSX * They are working on a workaround * No announcement yet on when it will be available.
dveditz 2 réiteach 16 freagra

> No announcement yet on when it will be available.

In an earlier post you quoted "status-firefox34: verified". That means it will be fixed in Firefox 34. Rather than downgrade to an insecure version of Firefox you could upgrade to Beta Firefox 34. Most of the security bugs fixed in Firefox 33 could in theory be abused from a remote web page which is a far bigger risk than data logged to a file safely on your local machine.

> No announcement yet on when it will be available. In an earlier post you quoted "status-firefox34: verified". That means it will be fixed in Firefox 34. Rather than downgrade to an insecure version of Firefox you could upgrade to Beta Firefox 34. Most of the security bugs fixed in Firefox 33 could in theory be abused from a remote web page which is a far bigger risk than data logged to a file safely on your local machine.
mbert 0 réiteach 6 freagra

Good point. However when I tried FF 34 beta, the bug was still present. So it must have been fixed in the mean time. Thank you!

Good point. However when I tried FF 34 beta, the bug was still present. So it must have been fixed in the mean time. Thank you!
dveditz 2 réiteach 16 freagra

The workaround was checked in at the end of last week. I think it made it into 34 beta 9 (Friday) and it's definitely in beta 10 released today.

The workaround was checked in at the end of last week. I think it made it into 34 beta 9 (Friday) and it's definitely in beta 10 released today.
James
  • Moderator
1594 réiteach 11232 freagra

mbert, there is not one build of 34.0 Beta but several as the fix may not have been in the build you tried. On average there has been six to twelve Beta builds for a version with nine being the average in last while.

mbert, there is not one build of 34.0 Beta but several as the fix may not have been in the build you tried. On average there has been six to twelve Beta builds for a version with nine being the average in last while.

Úinéir na ceiste

I should remind, that the same bug is happening in Thunderbird.

I see CGLog_Firefox and CGLog_Thunderbird in /tmp

Yes, it might be a bug, related to Yosemite/Libs/Firefox Gecko I tested current Firefox 33 release, bug remains I tested Firefox 31, Firefox 31 ESR - same result

I should remind, that the same bug is happening in Thunderbird. I see CGLog_Firefox and CGLog_Thunderbird in /tmp Yes, it might be a bug, related to Yosemite/Libs/Firefox Gecko I tested current Firefox 33 release, bug remains I tested Firefox 31, Firefox 31 ESR - same result

Athraithe ag ssk1000 ar

jscher2000
  • Top 10 Contributor
8642 réiteach 70690 freagra

Hi ssk1000, do you want to try the Beta version of Firefox, which will be Firefox 34 upon its release in a couple of weeks? You can install that from the following page. You do not need to uninstall Firefox 33 first.*

https://www.mozilla.org/firefox/beta/all/ (scroll down to your preferred language)

Once Firefox 34 is officially released, you can switch off the beta track by getting the Firefox 34 installer from the following page (currently it has Firefox 33):

https://www.mozilla.org/firefox/all/

* Sorry, that's a Windows user talking. You might need to trash something. How to download and install Firefox on Mac

Hi ssk1000, do you want to try the Beta version of Firefox, which will be Firefox 34 upon its release in a couple of weeks? You can install that from the following page. You do not need to uninstall Firefox 33 first.* https://www.mozilla.org/firefox/beta/all/ (scroll down to your preferred language) Once Firefox 34 is officially released, you can switch off the beta track by getting the Firefox 34 installer from the following page (currently it has Firefox 33): https://www.mozilla.org/firefox/all/ ''*'' Sorry, that's a Windows user talking. You might need to trash something. [[How to download and install Firefox on Mac]]

Athraithe ag jscher2000 ar

dveditz 2 réiteach 16 freagra

Yes, we know this affects Firefox ESR31 and Thunderbird, and they will be updated with the fix at the same time Firefox 34 is released (in two weeks).

Yes, we know this affects Firefox ESR31 and Thunderbird, and they will be updated with the fix at the same time Firefox 34 is released (in two weeks).