[CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

Lanny Marcus lmmailinglists at gmail.com
Fri Apr 17 17:13:05 UTC 2009


On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters <mpeters at mac.com> wrote:
> Lanny Marcus wrote:
<snip>
> My experience is that when browsing on any OS and you come across an
> error message stating that your computer is infected and you need to
> install such and such software, the web site I was visiting has an XSS
> exploit that was taken advantage of to try and get you to manually
> install a piece of malware.
>
> Install the FireFox extension "noscript" and be very careful about what
> domains you authorize scripting from.
>
> The fact that an XSS attack was able to give you a phony message means
> the same site could have XSS that reads your cookie and steals your
> session ID.
>
> Noscript reduces the odds of such attacks being succesful.

Michael: Thank you for the above explanation. I am going to copy it
and  email it to the webmaster of that web site. Once, about 4-6
months ago, there was a warning from Google (?), about it being an
Attack site, and he eliminated whatever was causing that. This time,
no warnings, but certainly something out there. I will get the
"noscript" extension for Firefox. Lanny


More information about the CentOS mailing list