Firefox highjacked!

TenderFoot
Forum Regular
Posts: 597
Joined: Sun May 03, 2009 2:34 pm

Firefox highjacked!

#1 Post by TenderFoot » Sun Feb 09, 2014 4:07 pm

Whenever I do a fresh install of M8 (and M11 I think) and launch FF, the moment I try to navigate to Google, it instead loads a dangerous page that is nothing like the one requested. It's not always the same one and on this occasion was a crude one demanding that I back up all my data with a sequence of pop-ups that would reappear whenever cancelled. In the end, had to Ctrl+Alt+BkSp to kill it and log back in.

This is clearly not good and something is compromised. Any suggestions?

kmathern
Forum Veteran
Posts: 9270
Joined: Wed Jul 12, 2006 2:26 pm

Re: Firefox highjacked!

#2 Post by kmathern » Sun Feb 09, 2014 4:39 pm

I just booted into a M8.0 LiveISO session, and I'm not seeing what you describe. Even with the default 3.5.6 FF version it goes to the http://www.google.com/ search page as expected.

Could you post some details about how you're connecting to the internet? In this post here: http://forum.mepiscommunity.org/viewtop ... 90#p329890 you mentioned something about using a TP-Link multifunction device set up in client mode so that it acts as a wireless cable connection:
[PS The TP-Link is a miniature multifunction device which can be a router but mine are (I have a couple because they're so useful in an emergency!) set up in client mode so that it acts as wireless cable connection. Also can be used, for example, in the lan port of pvr, set-top box or tv!]
Is there an actual router (being used as a router -- with NAT & firewall, etc.) somewhere in that setup?

uncle mark
Forum Veteran
Posts: 4954
Joined: Sat Nov 11, 2006 10:42 pm

Re: Firefox highjacked!

#3 Post by uncle mark » Sun Feb 09, 2014 5:34 pm

TenderFoot wrote: Whenever I do a fresh install of M8 (and M11 I think) and launch FF, the moment I try to navigate to Google, it instead loads a dangerous page that is nothing like the one requested.... This is clearly not good and something is compromised. Any suggestions?
Stop using the profile that's got the compromised javascript.
Desktop: Custom build Asus/AMD/nVidia -- MEPIS 11
Laptop: Acer Aspire 5250 -- MX-15
Assorted junk: assorted Linuxes

TenderFoot
Forum Regular
Posts: 597
Joined: Sun May 03, 2009 2:34 pm

Re: Firefox highjacked!

#4 Post by TenderFoot » Sun Feb 09, 2014 5:47 pm

No - this is a different machine which happens to have a TP-Link NIC (which always reports a weak signal in any o/s but usually functions adequately). To be honest, I'm not certain that it is only Mepis - it's just that I seem to have done a lot of fresh installs of M8 and M11 (Other distros have been successfully remastered and require little or no setting up).

However, I suspect some other vulnerability but not sure what - eg Mepis default firewall or the routers' (as supplied by isp TalkTalk) defaults?

Once I get past that initial problem it doesn't seem to re-occur - but, of course, horrible things could go on in the background!

EDIT
"Stop using the profile that's got the compromised javascript."
Only the default Mozilla page that it opens with. All I do is to type in the url for http://www.google.co.uk.

uncle mark
Forum Veteran
Posts: 4954
Joined: Sat Nov 11, 2006 10:42 pm

Re: Firefox highjacked!

#5 Post by uncle mark » Sun Feb 09, 2014 6:21 pm

Change your DNS servers.

TenderFoot
Forum Regular
Posts: 597
Joined: Sun May 03, 2009 2:34 pm

Re: Firefox highjacked!

#6 Post by TenderFoot » Sun Feb 09, 2014 6:31 pm

To what - they are the defaults from the isp and cause no issues to my knowledge?

uncle mark
Forum Veteran
Posts: 4954
Joined: Sat Nov 11, 2006 10:42 pm

Re: Firefox highjacked!

#7 Post by uncle mark » Sun Feb 09, 2014 6:58 pm

Okay, don't. Suit yourself.

TenderFoot
Forum Regular
Posts: 597
Joined: Sun May 03, 2009 2:34 pm

Re: Firefox highjacked!

#8 Post by TenderFoot » Sun Feb 09, 2014 8:11 pm

I think you were probably closer with your first response - "Stop using the profile that's got the compromised javascript." - except that the initially presented page cannot be avoided...

[And bearing in mind that M8 starts with a very old FF and a very security compromised java?]

megatotoro
Forum Regular
Posts: 676
Joined: Wed Jun 09, 2010 5:59 pm

Re: Firefox highjacked!

#9 Post by megatotoro » Sun Feb 09, 2014 9:12 pm

I use M8 pretty much every day and I haven't seen anything like the problem you're describing. Have you upgraded Firefox? I'm currently running FF26.

TenderFoot
Forum Regular
Posts: 597
Joined: Sun May 03, 2009 2:34 pm

Re: Firefox highjacked!

#10 Post by TenderFoot » Sun Feb 09, 2014 9:31 pm

megatotoro wrote: I use M8 pretty much every day and I haven't seen anything like the problem you're describing. Have you upgraded Firefox? I'm currently running FF26.
That rather misses the point - it only occurs on a virgin install and first launch of FF. Updating can't occur until I access the Mepis sites to copy/paste current repos and similarly sort out gpg errors!

But glad to hear from a kindred regular M8 user!
