[CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

William L. Maltby CentOS4Bill at triad.rr.com
Fri Apr 17 17:25:12 UTC 2009


On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
> On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters <mpeters at mac.com> wrote:
> > Lanny Marcus wrote:
> <snip>
> > My experience is that when browsing on any OS and you come across an
> > error message stating that your computer is infected and you need to
> > install such and such software, the web site I was visiting has an XSS
> > exploit that was taken advantage of to try and get you to manually
> > install a piece of malware.
> >
> > Install the FireFox extension "noscript" and be very careful about what
> > domains you authorize scripting from.
> >
> > The fact that an XSS attack was able to give you a phony message means
> > the same site could have XSS that reads your cookie and steals your
> > session ID.
> >
> > Noscript reduces the odds of such attacks being succesful.
> 
> Michael: Thank you for the above explanation. I am going to copy it
> and  email it to the webmaster of that web site. Once, about 4-6
> months ago, there was a warning from Google (?), about it being an
> Attack site, and he eliminated whatever was causing that. This time,
> no warnings, but certainly something out there. I will get the
> "noscript" extension for Firefox. Lanny

You might want to also check your preferences. FF has settings about
warning about fraud sites etc. You also can affect the things that
javascripts can do and suppress pop-ups. I've encountered those things
that you mentioned and gotten no ill-effects since I just leave the site
immediately.

> <snip sig stuff>

-- 
Bill



More information about the CentOS mailing list