Re: [CentOS] Firefox Issue

[Rob Kampen]

On 17/09/18 21:54, Chris Olson via CentOS wrote:

We have several small networks, some of which have only four systems
that are usually a mix of Windows 7 and CentOS 6 and CentOS 7 machines.
All of these systems are Internet connected and updated regularly when
yum finds packages available.  Information about one of the CentOS 6
machines is included below.  This system experienced a Firefox issue.

[user@computer]$ uname -a
Linux computer 2.6.32-754.3.5.el6.x86_64 #1 SMP Tue Aug 14 20:46:41 UTC
2018 x86_64 x86_64 x86_64 GNU/Linux
[user@computer]$

Several weeks ago, one of the Firefox updates did something unusual.
It changed the browser-stored home page to https://www.centos.org/ from
the original home page file:///usr/share/doc/HTML/index.html.  This
original home page had been in place since 2014, and had survived all
Firefox updates for a little over four years.

Last week, someone left one browser running and the system went into
power save mode.  To wake the system up we used the standard method of
a quick push of the power button on the front of the Dell tower system.
Although the system seemed to be running, the monitor and mouse never
came to life.  We also could not ssh into the system from any other
computer on the network.

We decided to use a steady push on the power button to shut the system
down.  After powering up again, the system seemed to run normally, but
the browser home page was back to file:///usr/share/doc/HTML/index.html.

Has anyone else experienced such an issue with Firefox recently?
I note each time there is a firefox yum update that the next time I 
start firefox from closed, that it brings up a tab with the centos 
homepage and another tab has my start page. The page on display (active 
tab) is the centos one  next start is back to normal.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Firefox Issue

[Chris Olson via CentOS]

We have several small networks, some of which have only four systems
that are usually a mix of Windows 7 and CentOS 6 and CentOS 7 machines.
All of these systems are Internet connected and updated regularly when
yum finds packages available.  Information about one of the CentOS 6
machines is included below.  This system experienced a Firefox issue.

[user@computer]$ uname -a
Linux computer 2.6.32-754.3.5.el6.x86_64 #1 SMP Tue Aug 14 20:46:41 UTC
2018 x86_64 x86_64 x86_64 GNU/Linux
[user@computer]$ 

Several weeks ago, one of the Firefox updates did something unusual.
It changed the browser-stored home page to https://www.centos.org/ from
the original home page file:///usr/share/doc/HTML/index.html.  This
original home page had been in place since 2014, and had survived all
Firefox updates for a little over four years.

Last week, someone left one browser running and the system went into
power save mode.  To wake the system up we used the standard method of
a quick push of the power button on the front of the Dell tower system.
Although the system seemed to be running, the monitor and mouse never
came to life.  We also could not ssh into the system from any other
computer on the network.

We decided to use a steady push on the power button to shut the system
down.  After powering up again, the system seemed to run normally, but
the browser home page was back to file:///usr/share/doc/HTML/index.html.

Has anyone else experienced such an issue with Firefox recently?



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Leonard den Ottolander]

Hi Paul,

On Wed, 2017-01-11 at 12:43 +, Always Learning wrote:
> Goeiemiddag Leonard,

Heh :) . I was just thinking yesterday, "lekker ananas" :-) .

> One could say the host name, 4-3-2-1-static.friendly-ip.com, is
> not absolutely required in the 1.2.3.4 virtual host file.
> 
> Not knowing whether all access attempts to the IP host name will always
> be directed to the 1.2.3.4 virtual host file, I included the host name.

After replying to your mail I realized that I've been using a fallback
on my server for quite while now. Not a redirect to localhost, but a
fallback page.

The fact that all this stuff just works makes you forget the details. So
I looked it up, and indeed, you do *not* need to specify the specific
host name(s). I use a catch all virtual host


ServerName 176.9.136.165

which catches web access to a.o. mail.ottolander.nl and
kelapa.ottolander.nl (coconuts not pineapples these days ;) ) without
having to specify each domain name individually.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[ken]

On 01/09/2017 01:51 PM, m.r...@5-cent.us wrote:

Always Learning wrote:

On Fri, 2017-01-06 at 12:54 -0500, m.r...@5-cent.us wrote:

James B. Byrne wrote:

On Thu, January 5, 2017 17:23, Always Learning wrote:

Cyber attacks are gradually replacing armed conflicts.

Better fight with bits than blood.

Yes, but... attacks on the friggin' IoT could result in lots of blood.

Or, less so, what do you mean all the rail lines have been knocked out
of commission for a week, and we can't get food to the eastern half of
the country? Or power?


Query: How did the Reds get into the Democrats computer systems ? Hope

it wasn't a Redhat/Centos system but an 'open Windoze' set-up.

In at least one of the several, it was a phishing attack. 


Though not being a professional cyber spy, still I don't see how it's 
possible at all to determine the source of the hack.  Once someone's 
machine succumbs to a phish, the attacker could install something like 
tor which would conceal all hacker traffic with the hacked machine.  
Indeed, a professional could, further, set up a chain or web of such 
compromised machines, each connected to the other via tor to further 
hide the hacker's home... if that would even be necessary (?).


Moreover, https://www.youtube.com/watch?v=C2jD4SF9gFE and others also 
provide enlightening expert details about the software allegedly used in 
the hack, maintaining it was a couple years old, not even the latest 
versions available "off the shelf" on the dark web, hardly software 
which would be used by a state agent.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Always Learning]

Goeiemiddag Leonard,

> On Tue, 2017-01-10 at 12:00 +, Always Learning wrote:
> > (4) The 'extra' Apache Virtual Host file contains 
> > 
> > 
> 
> Why do you add dummy.domain.com:80 here as the match is done on the
> ServerName?
> 
> > DocumentRoot /prod/web/domains/dummy/
> > ServerName 1.2.3.4
> > CustomLog 
> > ErrorLog  ...
> > HostnameLookups Off

(5) IP addresses hosting multiple web sites will have a host name. That
host name is unlikely to be the name of one of the hosted web sites. For
example

1.2.3.4
4-3-2-1-static.friendly-ip.com

Thus, if an attempt is made to connect to "a web site" with a domain
name of "4-3-2-1-static.friendly-ip.com", it will not be a genuine
access attempt, by a genuine web user, to a genuine web site.

It is likely an access attempt to a non-hosted web site name on 1.2.3.4
will automatically be redirected by Apache to the 1.2.3.4 virtual
domain. One could say the host name, 4-3-2-1-static.friendly-ip.com, is
not absolutely required in the 1.2.3.4 virtual host file.

Not knowing whether all access attempts to the IP host name will always
be directed to the 1.2.3.4 virtual host file, I included the host name.

(6) Another example is a Virtual Private Server (VPS) hosting multiple
web sites and a mail server (Mail Transfer Agent = MTA) on a single IP
address.

The web sites could be:-

sunshine-in-winter.com
centos-is-wonderful.eu
ilovelinux.uk
ikhouvanmijbuurvrouw.nl
etc.

The mail server (MTA) could be:-

mail3.example.com

When someone attempts to access web site "mail3.example.com", having
that "web site name" in the Apache virtual host file, results in the
request instantly being redirected to 127.0.0.1
One can have several "web site names" in the virtual host file, in
addition to the IP address.

Similarly, if someone attempts to send emails to .@mail3.example.com
the mail server should reject it because that "domain name" is not a
genuine email address domain name for the MTA.


(7)  I developed an Apache error processing system. It consists of
several PHP routines. It does not work for status codes of 400 or 500 (I
do not know why) but it does for 403 and 404.

That system, shared by all hosted web sites, examines the requested web
page name and compares it to two lists, one starting with /... and the
other with keywords in any position. If a match is found, the IP address
is placed in a monthly table (in IPtables) and blocked (sudo command in
a PHP routine). This means after the first conspicuously wrong
(deliberately wrong) attempt to access a non-existent web page, the IP
address is instantly blocked.


I'm a self-taught Linux user who chose Centos years ago. I am glad I
did. I am continually learning new things almost every day.


-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Leonard den Ottolander]

Hello Paul,

On Tue, 2017-01-10 at 12:00 +, Always Learning wrote:
> (4) The 'extra' Apache Virtual Host file contains 
> 
> 

Why do you add dummy.domain.com:80 here as the match is done on the
ServerName?

> DocumentRoot /prod/web/domains/dummy/
> ServerName 1.2.3.4
> CustomLog 
> ErrorLog  ...
> HostnameLookups Off

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Always Learning]

On Mon, 2017-01-09 at 11:06 -0600, John R. Dennison wrote:
> On Mon, Jan 09, 2017 at 04:23:05PM +, Always Learning wrote:
> > 
> > Agreed. One of my Apache defences is to redirect probes/hacks to
> > 127.0.0.1 :-)
> 
> Would you be willing to share this rewrite rule with the list, please?
> Some may find it useful.  Thank you.

(1) Hosting several web sites on a single IPv4 address.

(2) Create Apache Virtual Hosts for each web site plus one extra.

(3) Assuming the IP address is 1.2.3.4 and that IP address has a host
name of dummy.domain.com *and* no web site is hosted with the name
dummy.domain.com

(4) The 'extra' Apache Virtual Host file contains 


DocumentRoot /prod/web/domains/dummy/
ServerName 1.2.3.4
CustomLog 
ErrorLog  ...
HostnameLookups Off


Header set Access-Control-Allow-Methods "GET" 
Order Deny,Allow
Allow from all

RedirectMatch permanent ^/(.*)$  http://127.0.0.1/





(5) Any attempt to access:-

* using the IP address as a web site host name, or

* the host name of the IP address as a web site host name,

is diverted to 127.0.0.1



-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[m . roth]

Always Learning wrote:
> On Fri, 2017-01-06 at 12:54 -0500, m.r...@5-cent.us wrote:
>> James B. Byrne wrote:
>> > On Thu, January 5, 2017 17:23, Always Learning wrote:
>> >>
>> >> Cyber attacks are gradually replacing armed conflicts.
>> >
>> > Better fight with bits than blood.
>>
>> Yes, but... attacks on the friggin' IoT could result in lots of blood.
Or, less so, what do you mean all the rail lines have been knocked out
of commission for a week, and we can't get food to the eastern half of
the country? Or power?

> Query: How did the Reds get into the Democrats computer systems ? Hope
it wasn't a Redhat/Centos system but an 'open Windoze' set-up.

In at least one of the several, it was a phishing attack. In another case,
someone responded slowly to a query... and had a typo saying the *reverse*
of what they meant to say.

  mark



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Albert McCann]

> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Valeri
> Galtsev
> Sent: Monday, January 09, 2017 12:26 PM
> To: CentOS mailing list <centos@centos.org>
> Subject: Re: [CentOS] Firefox Issue

> > One large list that cut the number of attacks was
> > blocking ALL Amazon AWS services. That reduced attacks by at least half.
> 
> Clousflare would be another one worth mentioning. They are much nastier,
> BTW, IMHO:
> 
> https://wordtothewise.com/2012/07/cloudflare-and-spamhaus/

Yeah, thanks, I added them too.

--
My computer was sold to me by Mad Man Muntz.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Valeri Galtsev]

On Mon, January 9, 2017 11:16 am, Albert McCann wrote:
>> -Original Message-
>> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Always
>> Learning
>> Sent: Monday, January 09, 2017 11:23 AM
>> To: Centos <centos@centos.org>
>> Subject: Re: [CentOS] Firefox Issue
>
>> > On Thu, January 5, 2017 17:23, Always Learning wrote:
>> > >
>> > >
>> > > Cyber attacks are gradually replacing armed conflicts.
>
>> > Better fight with bits than blood.
>>
>> Agreed. One of my Apache defenses is to redirect probes/hacks to
>> 127.0.0.1 :-)
>
> I'm redirecting some things to www.fbi.gov as well as 127.0.0.1 here,
> plus using mod_geoip, ipset, and the mother of all network level
> blacklists in ipset. One large list that cut the number of attacks was
> blocking ALL Amazon AWS services. That reduced attacks by at least half.

Clousflare would be another one worth mentioning. They are much nastier,
BTW, IMHO:

https://wordtothewise.com/2012/07/cloudflare-and-spamhaus/

Valeri

>
> --
> Cinderella works for the CIA.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Albert McCann]

> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Always
> Learning
> Sent: Monday, January 09, 2017 11:23 AM
> To: Centos <centos@centos.org>
> Subject: Re: [CentOS] Firefox Issue

> > On Thu, January 5, 2017 17:23, Always Learning wrote:
> > >
> > >
> > > Cyber attacks are gradually replacing armed conflicts.

> > Better fight with bits than blood.
> 
> Agreed. One of my Apache defenses is to redirect probes/hacks to
> 127.0.0.1 :-)

I'm redirecting some things to www.fbi.gov as well as 127.0.0.1 here,
plus using mod_geoip, ipset, and the mother of all network level
blacklists in ipset. One large list that cut the number of attacks was
blocking ALL Amazon AWS services. That reduced attacks by at least half.

--
Cinderella works for the CIA.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[John R. Dennison]

On Mon, Jan 09, 2017 at 04:23:05PM +, Always Learning wrote:
> 
> Agreed. One of my Apache defences is to redirect probes/hacks to
> 127.0.0.1 :-)

Would you be willing to share this rewrite rule with the list, please?
Some may find it useful.  Thank you.





John
-- 
It's a hurtful place, the world, in and of itself.  We don't need to add to it.
And we're in a place now where we all need one another, and it's going to get
rougher.

-- Prince Rogers Nelson (7 June 1958 - 21 April 2016), funk/rock/pop/R singer,
   songwriter, and actor, Tavis Smiley Show, PBS (27 April 2009)


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[John R Pierce]

On 1/9/2017 8:33 AM, Always Learning wrote:

Query: How did the Reds get into the Democrats computer systems ?
Hope it wasn't a Redhat/Centos system but an 'open Windoze' set-up.


primary attack was cracking a too easy password on Podesta's webmail 
account, quite probably via phishing/human engineering. doesn't matter 
what the OS is.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[John R. Dennison]

On Mon, Jan 09, 2017 at 04:33:01PM +, Always Learning wrote:
> recognise vulnerabilities and how to block them; too many self-declared
> "komputar xperts" haven't a clue about robust security.

Thank you SO very much for this.  I am still laughing at the irony after
5 whole minutes.  This made my entire Monday.





John
>-- 
Pessimists just can't win: the damned glass is half full of air.

-- Logos01, #rhel


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Always Learning]

On Fri, 2017-01-06 at 12:54 -0500, m.r...@5-cent.us wrote:

> James B. Byrne wrote:
> >
> > On Thu, January 5, 2017 17:23, Always Learning wrote:
> >>
> >> Cyber attacks are gradually replacing armed conflicts.
> >
> > Better fight with bits than blood.
> 
> Yes, but... attacks on the friggin' IoT could result in lots of blood. Or,
> less so, what do you mean all the rail lines have been knocked out of
> commission for a week, and we can't get food to the eastern half of the
> country? Or power?

(1) For national infrastructures, a "parallel" Internet-type
communications network, totally isolated from the real Internet.

(2) Governments should educate their country's computer people to
recognise vulnerabilities and how to block them; too many self-declared
"komputar xperts" haven't a clue about robust security.

Query: How did the Reds get into the Democrats computer systems ?
Hope it wasn't a Redhat/Centos system but an 'open Windoze' set-up.


-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Always Learning]

On Fri, 2017-01-06 at 11:08 -0500, James B. Byrne wrote:

> On Thu, January 5, 2017 17:23, Always Learning wrote:
> >
> >
> > Cyber attacks are gradually replacing armed conflicts.
> >
> 
> Better fight with bits than blood.

Agreed. One of my Apache defences is to redirect probes/hacks to
127.0.0.1 :-)

Another is to use sudo to block their IPs.


-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[m . roth]

James B. Byrne wrote:
>
> On Thu, January 5, 2017 17:23, Always Learning wrote:
>>
>> Cyber attacks are gradually replacing armed conflicts.
>
> Better fight with bits than blood.

Yes, but... attacks on the friggin' IoT could result in lots of blood. Or,
less so, what do you mean all the rail lines have been knocked out of
commission for a week, and we can't get food to the eastern half of the
country? Or power?

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[James B. Byrne]

On Thu, January 5, 2017 17:23, Always Learning wrote:
>
>
> Cyber attacks are gradually replacing armed conflicts.
>

Better fight with bits than blood.


-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Jonathan Billings]

On Thu, Jan 05, 2017 at 10:23:18PM +, Always Learning wrote:
> [...] The
> only method of preventing it compromising a site is to test the
> acceptable maximum length of the parameter (in this example '12345') and
> if exceeded block the IP address in iptables.

I'm honestly interested in what you mean by this.  

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[John R Pierce]

On 1/5/2017 2:23 PM, Always Learning wrote:

SQL injection attempts, made by suffixing usually very long strings of
SQL coding to valid parameters such as domain.com/info.php?=12345,
has been popular with the Russians for at least the last few years.


SQL Injection is a server side issue, not a browser issue.


The only method of preventing it compromising a site is to test the
acceptable maximum length of the parameter (in this example '12345') and
if exceeded block the IP address in iptables.


no, the proper method of preventing it is not checking the length of the 
parameter, rather, its ensuring you don't construct SQL queries out of 
arbitrary URL input without proper parameter substitution techniques 
such as passing parameters by value rather than string substitution, or 
using the appropriate string escaping techniques for your database API..



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Always Learning]

On Wed, 2017-01-04 at 21:33 +, Chris Olson wrote:

> .. A Firefox browser on one system .
> Instead, a site located at the link https://gaibacoupontec.com
> was displayed with a message indicating that there was an urgent
> Firefox update required.

Firefox, like other web browsers, usually displays text in HTML mode.
Seeing a "link" for https://gaibacoupontec.com does not guarantee the
hidden 'A HREF' code is actually for that site.

> Is it possible that a new Firefox flaw has been detected and is
> being exploited for malicious purposes? 

Yes. Alertness and improving security are continuous tasks.

SQL injection attempts, made by suffixing usually very long strings of
SQL coding to valid parameters such as domain.com/info.php?=12345,
has been popular with the Russians for at least the last few years. The
only method of preventing it compromising a site is to test the
acceptable maximum length of the parameter (in this example '12345') and
if exceeded block the IP address in iptables.

Cyber attacks are gradually replacing armed conflicts. 



-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Andrew Holway]

Maybe is was an ad redirect. I get this a lot on my phone where people are
putting malicious js in ads that redirects me to advertisements for rock
hard erections whilst I'm reading articles. Its very noisome!

On 4 January 2017 at 22:33, Chris Olson  wrote:

> Everyone is back at work and starting to use computers on our
> smallest network which has Internet access through a rather old
> Linksys router.  Two systems were left on and screen-locked over
> the extra long weekend.  There does not appear to have been any
> Internet access interruption in our absence.
>
> A Firefox browser on one system was left pointing to a commonly
> used web site: https://www.yahoo.com/.  This Yahoo web page was
> not displayed when the user unlocked the screen and brought up
> the browser from the task bar.
>
> Instead, a site located at the link https://gaibacoupontec.com
> was displayed with a message indicating that there was an urgent
> Firefox update required.  There was a button to download and to
> install the update.  I killed the Firefox browser rather than
> getting rid of it with the X in the upper right hand corner.
>
> This event has the aroma of an unwanted cyber intrusion, which
> is why I killed the browser.  I have also copied and stored the
> full URL displayed in the browser, but have only included the
> first part "https://gaibacoupontec.com; here so as not to tempt
> anyone to risk access.
>
> Is it possible that a new Firefox flaw has been detected and is
> being exploited for malicious purposes?
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[David Nelson]

> Instead, a site located at the link https://gaibacoupontec.com
> was displayed with a message indicating that there was an urgent
> Firefox update required.  

Have you checked the user's Firefox profile for any unusual extensions? That 
would be my first suspicion. 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Firefox Issue

[Chris Olson]

Everyone is back at work and starting to use computers on our
smallest network which has Internet access through a rather old
Linksys router.  Two systems were left on and screen-locked over
the extra long weekend.  There does not appear to have been any
Internet access interruption in our absence.

A Firefox browser on one system was left pointing to a commonly
used web site: https://www.yahoo.com/.  This Yahoo web page was
not displayed when the user unlocked the screen and brought up
the browser from the task bar.  

Instead, a site located at the link https://gaibacoupontec.com
was displayed with a message indicating that there was an urgent
Firefox update required.  There was a button to download and to
install the update.  I killed the Firefox browser rather than
getting rid of it with the X in the upper right hand corner.

This event has the aroma of an unwanted cyber intrusion, which
is why I killed the browser.  I have also copied and stored the
full URL displayed in the browser, but have only included the
first part "https://gaibacoupontec.com; here so as not to tempt
anyone to risk access.

Is it possible that a new Firefox flaw has been detected and is
being exploited for malicious purposes? 
 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos