[EMAIL PROTECTED] wrote: > Hi! > > Yesterday, I experienced strange behaviour with Firefox. I was sending > two files via Gajim to a friend, for which Gajim was listening on port > 3000. After that, I surfed on YouTube. After a short while, I wanted to > send a third file, but this time, Gajim told me that port 3000 is > already in use. I was confused and thought that maybe Gajim didn't close > it correctly. Therefore I did a netstat -an which showed that the port > was really in use (but no connection to it IIRC). Then I did lsof and > saw that the port was used by Firefox. So Firefox opened the port just > in the 5 minutes where I wasn't sending a file. And the strange thing is > that it listened port 3000, one of the few ports routed to the outside > world, which was in use 5 minutes before by Gajim. > Stupid as I was, I instantly closed Firefox instead of taking the network > cable out and connecting to port 3000 via telnet. After I closed Firefox, > the port was closed again. I closed it the normal way, which means I just > closed the two tabs. > Now I'm wondering: Is there anything that could cause this behaviour? Or > is my system definitely compromised and I should reinstall it? > > The versions I use are: > Firefox: 2.0.0.4 > libjpeg: 6b-1 > zlib: 1.2.3 > expat: 2.0.1 > libtiff: 3.8.2 > libxml2: 2.6.29 > libpng: 1.2.18 > libxslt: 1.120 > Flash: Don't know how to look it up. It's either 9 Beta or 9 Final. > Anyway, the MD5 hash of the plugin is 0273c3d183c8665f21175896ae4d1b4e if > that helps. > > TIA, > Jonathan
I doubt Firefox would be compromised in such a manner, Seeing you are running a *nix based system. Compromise wouldn't necessarily be shown as a port in use by Firefox, A port may or may not even show up, Depending on the shellcode used in compromise. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
