Is there a known Firefox https exploit

[Ric Moore]

On 08/18/2013 03:05 PM, Jim Byrnes wrote:
> Running Ubuntu 12.04 and Firefox 23 both recently updated.
>
> Two things happened this morning to make me wonder if Firefox had been
> compromised.
>
> Logged into my bank and clicked the Checkfree link and got a message
> that the page had temporarily moved and was presented with a link.  I
> called Checkfree and told them and they asked me to read them the url
> and they said it was correct. I logged on paid my bills and logged out.
>
> I then logged on a mutual fund site and saw a message that the page had
> moved.  I closed the tab, cleared Firefox cache and then shut down
> Firefox.  When I restarted it I could log on to both my bank, Checkfee
> and the mutual fund site with no popups. I immediately changed the user
> name and passwords on both sites.
>
>
> The only thing I did lately that was not normal was I allowed the
> computer to run all night and Firefox was open.  Normally I shut it down
> when I done with it for the day.
>
>
> I googled for Firefox https exploits but the only thing I found was
> references to the FBI supposedly using Firefox to get Tor users IP
> addresses.
>
> Does this seem like something I should be worried about or report to
> Mozilla?  Or does it just sound like a glitch of some kind?
>
> I just realized while composing this that Checkfree never mentioned the
> temporary link, they just confirmed the url I read was correct.


Network Solutions got panged on, so it might have been a temporary 
re-direct solution. It IS hard to imagine a bank having a re-direct 
though. El-Reg was like that for one night as well. :) Ric




-- 
My father, Victor Moore (Vic) used to say:
"There are two Great Sins in the world...
..the Sin of Ignorance, and the Sin of Stupidity.
Only the former may be overcome." R.I.P. Dad.
/https://linuxcounter.net/cert/44256.png /