X
點擊此處開啟此網站的行動版。

技術支援討論區

Firefox replaced data on uploaded files with user information

已張貼

I used firefox to upload a 7z file into a website. Some time later I was reported the 7z file was returning CRC errors when decompressing. After downloading it from the website and comparing it against the original 7z (raw byte comparison) file I discovered a large section of the file, near the bottom, was replaced.

However the worst part is not that the file was corrupted but that the data inserted on the file contains user information. On thie section I found several strings matching all sorts of things:

  • URLs I have recently visited
  • Search bar history (searches I have recently done on google)
  • Login details saved on my firefox
  • part of pages I have recently visited

Is this a known issue? This is a big deal for me and I will stop using firefox until this is fixed.

I am using 60.0.1 (64-bit) over win8.1.

I used firefox to upload a 7z file into a website. Some time later I was reported the 7z file was returning CRC errors when decompressing. After downloading it from the website and comparing it against the original 7z (raw byte comparison) file I discovered a large section of the file, near the bottom, was replaced. However the worst part is not that the file was corrupted but that the data inserted on the file contains user information. On thie section I found several strings matching all sorts of things: * URLs I have recently visited * Search bar history (searches I have recently done on google) * Login details saved on my firefox * part of pages I have recently visited Is this a known issue? This is a big deal for me and I will stop using firefox until this is fixed. I am using 60.0.1 (64-bit) over win8.1.

額外的系統細節

已安裝的外掛程式

  • Shockwave Flash 29.0 r0

應用程式

  • User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

更多資訊

FredMcD
  • Top 10 Contributor
4254 個解決方法 59583 個答案

有幫助的回覆

Any browser would only upload/download a file without making any changes.

You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

Any browser would only upload/download a file without making any changes. You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

提出問題者

Antivirus has been always up to date on my system. I have been trying to figure out what is the problem but firefox continues to do it every now an then. Unfortunately I cannot install malware scanners, this is a corporate PC.

Thanks for the help anyway. I was great using firefox for about 12 years.

Antivirus has been always up to date on my system. I have been trying to figure out what is the problem but firefox continues to do it every now an then. Unfortunately I cannot install malware scanners, this is a corporate PC. Thanks for the help anyway. I was great using firefox for about 12 years.
FredMcD
  • Top 10 Contributor
4254 個解決方法 59583 個答案

Notify your boss And your IT that you found a security breach.

Notify your boss '''And''' your IT that you found a security breach.
jscher2000
  • Top 10 Contributor
8758 個解決方法 71658 個答案

I suggest filing a bug and seeing whether anyone can reproduce the issue with one of your problem files. If there are characters or codes in the file that cause Firefox to read beyond its expected end or to substitute other data from your hard drive or memory, that needs to be fixed. You might want to mark it security sensitive.

https://bugzilla.mozilla.org/

I suggest filing a bug and seeing whether anyone can reproduce the issue with one of your problem files. If there are characters or codes in the file that cause Firefox to read beyond its expected end or to substitute other data from your hard drive or memory, that needs to be fixed. You might want to mark it security sensitive. https://bugzilla.mozilla.org/