[CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

Fri Apr 17 18:17:59 UTC 2009
Scott Silva <ssilva at sgvwater.com>

on 4-17-2009 9:33 AM Lanny Marcus spake the following:
> On Fri, Apr 17, 2009 at 11:25 AM, William L. Maltby
> <CentOS4Bill at triad.rr.com> wrote:
>> On Fri, 2009-04-17 at 11:13 -0500, Lanny Marcus wrote:
>>> On Thu, Apr 16, 2009 at 11:14 PM, Michael A. Peters <mpeters-ee4meeAH724 at public.gmane.org> wrote:
>>> <snip>
>>>> My experience is that when browsing on any OS and you come across an
>>>> error message stating that your computer is infected and you need to
>>>> install such and such software, the web site I was visiting has an XSS
>>>> exploit that was taken advantage of to try and get you to manually
>>>> install a piece of malware.
>>>>
>>>> Install the FireFox extension "noscript" and be very careful about what
>>>> domains you authorize scripting from.
> 
> I now have NoScript installed.
> 
> <snip>
>> You might want to also check your preferences. FF has settings about
>> warning about fraud sites etc. You also can affect the things that
>> javascripts can do and suppress pop-ups. I've encountered those things
>> that you mentioned and gotten no ill-effects since I just leave the site
>> immediately.
> 
> Bill: I will double check the Firefox configuration settings, since I
> upgraded from CentOS 5.2 to 5.3, last Friday night. I need to be able
> to visit that web site, so if anything bad is coming from it (without
> the knowledge of the webmaster) I will hopefully avoid it, with the
> NoScript Firefox extension which I just installed. Lanny

Noscript will give you an idea of just how many sites run a script of some
kind. You will see a large part of sites just look different when the scripts
don't run, and some don't function at all. Not that it is a bad thing, it will
just make you think a lot.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20090417/82ae35d8/attachment-0004.sig>