[Bug 99759] Malware in Firefox?

Alexander Sack asac at jwsdot.com
Sun Apr 1 21:05:37 UTC 2007


On Sun, Apr 01, 2007 at 02:15:36PM -0000, Bob Stoll wrote:
> Public bug reported:
> 
> I started playing with the Feisty beta and was having trouble getting to
> the internet with firefox (adblock and forecastfox plugins installed).
> My firewall (Check Point FW-1/VPN-1 Edge device) logs show the traffic
> is being dropped because it is infected with ISTbar, which is adware.

Is this a kind of proxy server which doesn't let you through?

> 
> I did a little snooping with Wireshark and found that it indeed is
> adding what looks like ISTbar headers in the first http get request:
> 
> No.     Time        Source                Destination           Protocol Info
>       4 0.014406    192.168.0.2           192.168.0.1           HTTP     GET /StatBar.html HTTP/1.1
> 

Please try to change the user agent in about:config to something
else (e.g. feisty -> fety) ... does it help?

> Frame 4 (569 bytes on wire, 569 bytes captured)
> Ethernet II, Src: AsustekC_41:46:d5 (00:0e:a6:41:46:d5), Dst: Sofaware_72:16:a7 (00:08:da:72:16:a7)
> Internet Protocol, Src: 192.168.0.2 (192.168.0.2), Dst: 192.168.0.1 (192.168.0.1)
> Transmission Control Protocol, Src Port: 53923 (53923), Dst Port: www (80), Seq: 1, Ack: 1, Len: 503
> Hypertext Transfer Protocol
>     GET /StatBar.html HTTP/1.1\r\n
>     Host: 192.168.0.1\r\n
>     User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20061201 Firefox/2.0.0.3 (Ubuntu-feisty)\r\n
>     Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n
>     Accept-Language: en-us,en;q=0.5\r\n
>     Accept-Encoding: gzip,deflate\r\n
>     Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
>     Keep-Alive: 300\r\n
>     Connection: keep-alive\r\n
>     Referer: http://192.168.0.1/StatBar.html\r\n
>     Cookie: session=Utbs5RzctZSXj8dgioVg\r\n
>     \r\n
> 
> 
> I didn't see this behavior on Edgy with the browser in the same configuration.

Check whether you get problems when changing the user agent string to
contain feisty (I guess the "ist" substring is important).

Thanks,

 - Alexander

-- 
Malware in Firefox?
https://launchpad.net/bugs/99759
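
The triage suggested in the reply above, as an added example that is not part of the original thread: it parses the captured request and compares a hypothetical over-broad substring signature with a token-bounded one. Both rules, the function names, and the "ISTbar" token form are assumptions; the firewall's real signature is not shown in the thread.

```python
import re

# Request head abridged from the Wireshark capture quoted in the bug report.
CAPTURED = (
    "GET /StatBar.html HTTP/1.1\r\n"
    "Host: 192.168.0.1\r\n"
    "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) "
    "Gecko/20061201 Firefox/2.0.0.3 (Ubuntu-feisty)\r\n"
    "Accept-Language: en-us,en;q=0.5\r\n"
    "Referer: http://192.168.0.1/StatBar.html\r\n"
    "Cookie: session=Utbs5RzctZSXj8dgioVg\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return {lowercased-name: value} for an HTTP/1.x request head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def naive_rule(headers, needle="ist"):
    """Hypothetical over-broad rule: case-insensitive substring in User-Agent."""
    return needle.lower() in headers.get("user-agent", "").lower()

def token_rule(headers, token="ISTbar"):
    """Hypothetical tighter rule: the marker must appear as a whole token."""
    pattern = r"(?<![A-Za-z0-9])" + re.escape(token) + r"(?![A-Za-z0-9])"
    return re.search(pattern, headers.get("user-agent", ""), re.I) is not None

def triage(raw):
    """Evaluate both hypothetical rules against one raw request head."""
    h = parse_headers(raw)
    return {"naive": naive_rule(h), "token": token_rule(h)}

if __name__ == "__main__":
    # The distro suffix "Ubuntu-feisty" contains "ist", so the naive rule fires.
    print("as captured:   ", triage(CAPTURED))
    # Applying the suggested edit (feisty -> fety) removes the substring.
    edited = CAPTURED.replace("Ubuntu-feisty", "Ubuntu-fety")
    print("feisty -> fety:", triage(edited))
```

If the block follows the substring in this way on the real device, the finding is a signature false positive on the distribution suffix in the User-Agent rather than adware in the browser.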



