Hi,
Carsten Mattner wrote:
> On Fri, Jul 6, 2012 at 2:42 AM, Julian H. Stacey <j...@berklix.com> wrote:
> > Hi,
> > Reference:
> >> From:         Carsten Mattner <carstenmatt...@gmail.com>
> >> Date:         Fri, 6 Jul 2012 00:28:32 +0200
> >> Message-id:   <cacy+hvpb08w4bjgucjb1ghvf-jgpzs0869qvxfryrtxef91...@mail.gmail.com>
> >
> > Carsten Mattner wrote:
> >> On Thu, Jul 5, 2012 at 4:39 PM, Wojciech Puchar
> >> <woj...@wojtek.tensor.gdynia.pl> wrote:
> >> >>> As for reading anything else than internal firefox data it is not
> >> >>> possible
> >> >>> except very basic bug is there.
> >> >>
> >> >>
> >> >> Yes otherwise all the flash sites would have gathered files from local
> >> >> disks.
> >> >
> >> >
> >> > true. javascript activity is sandboxed. But within that sandbox there are
> >> > million bugs.
> >> >
> >> > I've already seen trojans that completely took control over firefox.
> >> > But - in spite it was windoze - ONLY firefox. Everything else was fine.
> >> >
> >> > Deleting firefox user data removed the trojan.
> >>
> >> Nothing is impossible at that complexity.
> >>
> >> I'd still like to know what Julian saw as you didn't see that.
> >> Did it really contain a script which made it fetch random files from the
> >> local disk?
> >
> > I don't know.
> > I wrote how I obtained the data pattern I saw, in my:
> 
> Fair enough :).
> 
> >> Message-id: <201207050936.q659awci016...@fire.js.berklix.net>
> >> Date: Thu, 05 Jul 2012 11:36:32 +0200
> >
> > Others very welcome to try it.
> 
> Of course.
> 
> >>  Julian?
> >
> >> Which Firefox version?
> >
> > Mozilla/5.0 (X11; FreeBSD amd64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
> 
> I don't want to be that guy who says it but that version is old and
> may contain widely known holes.

Good point.
( Till now I just built ports in current when odd ports from RELEASE broke,
  That's too simplistic, Thanks.)


> >>  I am a little concerned.
> >
> > Me too !
> > Not had time to pursue it though.
> > & I don't feel like exporting that data public
> > in case it's already gone too far.
> 
> You don't have to export it at all.
> Can you confirm the data within is the same as say the same
> file in /etc or ~/.ssh? If that's really the case, it's a problem.

No I happily can not confirm that, despite a quick-ish look.
( I wouldn't particularly expect it, if a trojan took control, it would be pretty
easy to store data [hidden or scrambled] in different format.)

The string I saw was in file jquery.js:
        
/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bJ=/^(?:about|app|app\-storage


Some machines have more valuable data in user files, than /etc/
passwords.  If 'only' /etc/*passwd got harvested, but data beyond
did not yet get harvested, waiting for a 2nd pass with trojan,
damage would be less.


> > I suggest others create a dummy guest account & then access URL & do
> > page save as I wrote.


Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Reply below not above, cumulative like a play script, & indent with "> ".
 Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
        Mail from @yahoo dumped @berklix.  http://berklix.org/yahoo/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
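
One way to run the comparison suggested in the thread (is any data in the saved page the same as a file in /etc or ~/.ssh?), as an added example that is not part of the original message. It goes slightly beyond a verbatim comparison by also looking for a line that was base64-encoded on its own; the function names, file names and sample contents are constructed for illustration.

```python
import base64
import tempfile
from pathlib import Path


def sensitive_lines(reference_paths, min_len=12):
    """Map each distinctive line (shorter ones match by chance) to its file name."""
    lines = {}
    for ref in reference_paths:
        try:
            text = Path(ref).read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip it
        for line in (l.strip() for l in text.splitlines()):
            if len(line) >= min_len and not line.startswith("#"):
                lines[line] = Path(ref).name
    return lines


def find_leaks(saved_dir, reference_paths):
    """Return sorted (saved_file, reference_file, form) hits.
    form is "verbatim" or "base64" (a line encoded on its own); other
    scrambling is not detected.
    """
    needles = []
    for line, ref in sensitive_lines(reference_paths).items():
        raw = line.encode()
        needles += [(raw, ref, "verbatim"), (base64.b64encode(raw), ref, "base64")]
    hits = set()
    for path in Path(saved_dir).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            hits.update((path.name, ref, form) for n, ref, form in needles if n in data)
    return sorted(hits)


def demo():
    """Run the check on constructed files in a temporary directory."""
    passwd_line = "guest:*:1002:1002:Dummy Guest:/home/guest:/bin/sh"  # constructed
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "passwd").write_text("# constructed sample\n" + passwd_line + "\n")
        saved = root / "page_files"
        saved.mkdir()
        # Shortened form of the jquery.js string quoted above: "password" only as a word.
        (saved / "jquery.js").write_text("/^(?:color|date|email|hidden|password|text)$/i")
        (saved / "a.js").write_text("var x='" + passwd_line + "';")
        (saved / "b.js").write_bytes(b"d=" + base64.b64encode(passwd_line.encode()))
        return find_leaks(saved, [root / "passwd"])
```

An empty result from `find_leaks` only rules out verbatim and per-line base64 copies; it says nothing about data stored in another format.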