[CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?
William L. Maltby
CentOS4Bill at triad.rr.com
Fri Apr 17 17:25:12 UTC 2009
On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
> On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters <mpeters at mac.com> wrote:
> > Lanny Marcus wrote:
> > My experience is that when browsing on any OS and you come across an
> > error message stating that your computer is infected and you need to
> > install such and such software, the web site I was visiting has an XSS
> > exploit that was taken advantage of to try and get you to manually
> > install a piece of malware.
> > Install the FireFox extension "noscript" and be very careful about what
> > domains you authorize scripting from.
> > The fact that an XSS attack was able to give you a phony message means
> > the same site could have XSS that reads your cookie and steals your
> > session ID.
> > Noscript reduces the odds of such attacks being succesful.
> Michael: Thank you for the above explanation. I am going to copy it
> and email it to the webmaster of that web site. Once, about 4-6
> months ago, there was a warning from Google (?), about it being an
> Attack site, and he eliminated whatever was causing that. This time,
> no warnings, but certainly something out there. I will get the
> "noscript" extension for Firefox. Lanny
You might want to also check your preferences. FF has settings about
warning about fraud sites etc. You also can affect the things that
that you mentioned and gotten no ill-effects since I just leave the site
> <snip sig stuff>
More information about the CentOS