Is it possible firefox has been comprimised
Out of all the hundreds of websites I regularly visit each week, two websites flag the exact same security warning on Zone Alarm every single time I visit them, and I have never gotten this warning anywhere else at any other website. I am already aware these two websites are not to be trusted so I suspect they have engineered something to compromise the Firefox web browser. Zone Alarm pops up a warning that "Firefox is attempting to monitor user activities on this computer. If allowed it may try to track or log keystrokes (user input), mouse movements/clicks, websites visited, and other user behaviors." A screen-cap of the Zone Alarm warning is attached. I deny this action in Zone Alarm every time it happens. Let me again emphasis this happens nowhere else, only at these two sketchy websites I occasionally visit and it happens every single time I go there and my concern is that they have embedded something in their webpages compromising the Firefox web browser.
All Replies (5)
Hi catrike, thank you for flagging this. By default, Firefox runs with reduced privileges and divides pages into different processes to try to prevent pages from compromising your system. However, flaws are discovered and fixed on a regular basis, so it's possible the site found a new weakness and if that is the case, hopefully it will be fixed soon.
Meanwhile, it seems ZoneAlarm is on the job.
Could you review your extensions? You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either:
- Ctrl+Shift+a (Mac: Command+Shift+a)
- Command+Shift+a (Windows: Ctrl+Shift+a)
- "3-bar" menu button (or Tools menu) > Add-ons
- type or paste about:addons in the address bar and press Enter/Return
In the left column of the Add-ons page, click Extensions. On the right side, find the "Manage Your Extensions" heading.
Then cast a critical eye over the list below that heading (but not in the Recommended Extension section). Any extensions Firefox installs for built-in features are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything suspicious or that you just do not remember installing or why? If in doubt, disable (or remove). For your privacy and security, don't let mystery programs linger here.
jscher2000 thanks for responding. I actually don't have any extensions but I went and double checked to make sure none had slipped in without my knowledge and there aren't any. There is one plugin: "OpenH264 Video Codec provided by Cisco Systems, Inc. This plugin is automatically installed by Mozilla to comply with the WebRTC specification and to enable WebRTC calls with devices that require the H.264 video codec. Visit https://www.openh264.org/ to view the codec source code and learn more about the implementation."
I wish we had more specific information on what ZoneAlarm is detecting so we could consider other things. ??
jscher2000 I contacted ZoneAlarm support chat, explained the situation to Nick and gave him a link to this thread. He looked at the thread and the screen-caps, asked a number of questions and said he would escalate the issue and email me when he found something out. The initial response was that it was because the website was not secure. I emailed back to Nick and asked for verification that he meant it was because the url lacked https:// in front of the address. While waiting for a response I located some unsecure websites and visited them. Two of them were: http://go.com/ which appears as "go.com" in the address bar and has the same red line through the padlock as xmovies8 does and http://www.gnu.org/ which appears as "gnu.org" in the address bar and also has the red line through the padlock indicating the connection is not secure. At all of these unsecure websites I only received the ZoneAlarm notice that "Firefox is trying to access the internet" (Screen-caps below) which is normal for opening a new tab. I did not receive the warning that "Firefox is attempting to monitor user activities on this computer........" at any of them. So my experiment proved the scary warning had nothing to do with the website being unsecure. I received another email from Nick at ZoneAlarm support stating "Yes, you will get an alert if ZoneAlarm catches malicious activity or suspicious behavior for every website you visit, just like when you visit this particular movie website." but he did not include any specifics on what "malicious activity" or "suspicious behavior" is that would trigger this warning. So ZoneAlarm really didn't give me any usable information regarding this other than I found out it is not because the website is unsecure.
Hi catrike, those recent dialogs mention a subscription being expired. Not sure if that affects the information or support you get from ZoneAlarm.
If we assume the page you were visiting originally contains a script that ZoneAlarm doesn't like, that may be difficult to avoid unless an add-on can block Firefox from downloading it. You could try uBlock Origin if you don't currently use any content blockers.