Gentoo Forums
[SOLVED] firefox-bin security issue: "drivecleaner"
rickythesk8r
n00b


Joined: 10 Aug 2003
Posts: 62

Posted: Sun Jun 24, 2007 10:01 pm    Post subject: [SOLVED] firefox-bin security issue: "drivecleaner"

I am running firefox-bin on an amd64 box. Just now, a popup appeared touting a "product" called drivecleaner that was supposedly going to save my career and marriage by removing traces of "visits" to "adult sites." The mechanism behind the popup also managed to resize the firefox-bin frame to about 20x20 pixels and move it to the lower right hand corner of the screen (behind the popup).

What is the best course of action? Has the firefox-bin executable been corrupted? I have a few extensions: chatzilla, DOM inspector, download status bar, greasemonkey, talkback and videodownloader.

It's a little bit alarming. I assume that if I'd clicked Yes in the popup that a lot of personal information would have been harvested.


Last edited by rickythesk8r on Sat Jun 30, 2007 11:36 am; edited 1 time in total
didymos
Advocate


Joined: 10 Oct 2005
Posts: 4798
Location: California

Posted: Mon Jun 25, 2007 2:12 am

If the user isn't allowed to touch the firefox executable, then neither can the popup. Even if you had write access, it still probably wouldn't be able to do anything. What you want to do is open "about:config" and set anything that matches "dom.disable_window_*" to true. You may want to force any attempts to open a new window to open a new tab instead as well. Clean out the disk cache, and that should wipe any trace of the popup. If you feel especially paranoid, then "rm -rf ~/.mozilla/firefox". All your settings and extensions and themes go bye-bye if you do that, however.
_________________
Thomas S. Howard
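
The about:config changes suggested in the post above can also be checked from a shell. This is an added example, not part of the original thread: it prints the user.js lines for every listed pref that a profile's prefs.js does not already set. The choice of prefs, the function names and the sample file are assumptions of the example.

```shell
#!/bin/sh
# Wanted values, one "name value" pair per line. The names are Firefox prefs;
# which ones to list is this example's choice, not something the thread gives.
# browser.link.open_newwindow 3 with restriction 0 sends new windows to tabs.
WANTED='dom.disable_window_move_resize true
dom.disable_window_flip true
dom.disable_window_status_change true
dom.disable_window_open_feature.location true
dom.disable_window_open_feature.resizable true
dom.disable_window_open_feature.status true
browser.link.open_newwindow 3
browser.link.open_newwindow.restriction 0'

# Print a user.js line for every wanted pref that the given prefs file does
# not already set to the wanted value. prefs.js only records prefs changed
# from their defaults, so an absent pref is reported as well.
userjs_fixes() {
    prefs_file=$1
    [ -r "$prefs_file" ] || { echo "cannot read $prefs_file" >&2; return 2; }
    printf '%s\n' "$WANTED" | while read -r name value; do
        line="user_pref(\"$name\", $value);"
        # -F: fixed string (dots in pref names are literal), -x: whole line
        grep -Fqx -- "$line" "$prefs_file" || printf '%s\n' "$line"
    done
}

# Constructed sample in the layout Firefox writes to prefs.js.
sample_prefs() {
    cat <<'EOF'
# Mozilla User Preferences
user_pref("browser.link.open_newwindow", 3);
user_pref("dom.disable_window_flip", true);
user_pref("dom.disable_window_move_resize", false);
EOF
}

tmp=$(mktemp)
sample_prefs > "$tmp"
userjs_fixes "$tmp"    # prints the six lines still missing or set differently
rm -f "$tmp"
```

Appending the output to user.js in the profile directory makes Firefox apply those values at each start.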
desultory
Bodhisattva


Joined: 04 Nov 2005
Posts: 9410

Posted: Mon Jun 25, 2007 4:33 am

rickythesk8r wrote:
What is the best course of action?
Only allow scripting on sites which you trust and that actually use it, or at least restrict what you allow scripts to do in your browser (under the Content tab of the Preferences dialog, use the Advanced options for JavaScript). As mentioned by didymos, totally removing your user profile is not necessary in this case.
rickythesk8r wrote:
Has the firefox-bin executable been corrupted?
Doubtful, not only would you need write access to the firefox executable, the script would need to somehow induce changes in it, which would be nontrivial for a script on a website. Unless, of course, the client software was essentially specifically configured to allow such behavior. So unless the browser is running unsigned applets with full system access or you had a compromised trusted applet available for the script to exploit or you have otherwise allowed such behavior, recognize the pop up as an annoyance as opposed to an actual security threat in itself.
Hu
Administrator


Joined: 06 Mar 2007
Posts: 23062

Posted: Tue Jun 26, 2007 12:03 am

Since desultory mentioned restricting which sites can use JavaScript, I feel I should point out the use of x11-plugins/noscript, which will install NoScript in the system-wide Firefox plugins area. Of course, you can also install it in your profile if you do not want it to affect all Firefox users on the system.

This plugin lets you control JavaScript on a per-domain basis, without needing to keep editing preferences. It takes a bit of adjustment when you first start using it, but I have been very pleased with its results. In particular, you need to get all your trusted sites on the allow list so that their scripts are permitted to run. After the initial setup overhead, it requires very little maintenance.
rickythesk8r
n00b


Joined: 10 Aug 2003
Posts: 62

Posted: Sat Jun 30, 2007 11:36 am

Thanks for all the patient explanations and helpful suggestions.

NoScript is exactly what I needed. Not only does it keep predators at bay, it also performs the very useful service of showing you just exactly who is trying to run scripts. It's just amazing to me, for example, how often Google (in the form of google-analytics.com) pops up.
All times are GMT