Announcement

Collapse
No announcement yet.

Firefox Scripting Exploit

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Firefox Scripting Exploit

    What is an easy way to stop the following Javascript exploit in Firefox -

    http://scanbest4.com
    or
    http://scanbest4.com/22/?uid=121

    DON'T VISIT the above site unless unless you have Javascript blocked in Firefox and/or have your bookmarks backed up. I would also suggest a strong password on your system. I could not figure out a way to shut down the exploit short of uninstalling Firefox completely and reinstalling (and losing my bookmarks).

    The site appears to belong to the famous Russian Business Network. The exploit does not work in Opera. I have not tried Konqueror. Leaving Javascript blocked in Firefox is a real pain. IMO Firefox should fix this problem by providing a simple escape means. Maybe they do and I just don't know how use it.

    Thanks for any help!

    #2
    Re: Firefox Scripting Exploit

    Very interesting. The web site is one of many that uses the malware Internet Antivirus Pro to infect a windows computer. I have removed it several times from windows machines, but I've never seen it have the ability to infect any linux machine. It downloads a file "install.exe" that runs and installs itself on windows machines, but of course, that can't run on a linux machine, except maybe if you are running your browser in wine, or in a virtual windows. I would really like to know more about exactly what this malware is doing on your machine, could you possibly post a screen shot of the firefox window? BTW, the quickest way to remove it from an infected windows machine is with the Malwarebytes removal tool. There is a free version.

    http://www.malwarebytes.org/

    Comment


      #3
      Re: Firefox Scripting Exploit

      Originally posted by delta-dude
      What is an easy way to stop the following Javascript exploit in Firefox
      The easiest way is to install the NoScript extension, which prevents all scripts and plugins from running unless you explicitly allow them. NoScript uses a white-list to manage which sites are allow to run scripts, which means that the entire web is denied until you explicitly allow a site. NoScipt also provides protection from cross-site scripting (XSS) and clickjacking, which no anti-virus or firewall can protect you from.

      Well, I wasn't planning a sales pitch, but it really is the best way to prevent Javascript exploits like the one you pointed out.
      Welcome newbies!
      Verify the ISO
      Kubuntu's documentation

      Comment

      Working...
      X