Sindows 7 join:2006-09-13 Chilliwack, BC kudos:2 | reply to siljaline
Re: NBC Website Hacked
The exploit kit delivered one of two exploit files to try to take control over your browser via a Java vulnerability or a PDF bug
Now FF has PDF built in...so it begins....
StuartMW Who Is John Galt? Premium join:2000-08-06 Galt's Gulch kudos:2 Reviews: ·CenturyLink
said by Sindows 7: Now FF has PDF built in...so it begins....
Which is why, in about:config, I've set pdfjs.disabled to true in addition to disabling any and all PDF plugins in the Add-ons Manager.
-- Don't feed trolls--it only makes them grow!
AVD Respice, Adspice, Prospice Premium join:2003-02-06 Onion, NJ kudos:1
said by StuartMW: said by Sindows 7: Now FF has PDF built in...so it begins.... Which is why, in about:config, I've set pdfjs.disabled to true in addition to disabling any and all PDF plugins in the Add-ons Manager.
Is it a vulnerability in the PDF protocol or the Adobe (or Foxit) renderer?
-- * seek help if having trouble coping --Standard disclaimers apply.--
StuartMW Who Is John Galt? Premium join:2000-08-06 Galt's Gulch kudos:2 Reviews: ·CenturyLink
said by AVD: Is it a vulnerability in the PDF protocol or the Adobe (or Foxit) renderer?
No idea but if you don't allow PDFs to be automatically displayed then no vulnerability can be exploited.
I manually (right-click, Save As...) files I want (including PDFs). If I noticed a PDF I hadn't downloaded I wouldn't try and open it even if it is called "free prize" or similar. I'm not that naive.
-- Don't feed trolls--it only makes them grow!
Mele20 Premium join:2001-06-05 Hilo, HI kudos:4 | reply to Sindows 7
Mozilla blocked access to nbc.com during the attack (as did Chrome and Facebook). BUT during that window of time before Mozilla began blocking the site, a user with the latest Fx and internal PDF turned on may have been vulnerable. Plus, not everyone sets their browsers to block reported attack sites. It is not clear to me whether or not Mozilla blocked nbc.com regardless of the user's settings or not.
I have never allowed PDF to be read in a browser. Firefox's internal PDF is using HTML5 so I don't know if it was vulnerable or not to this exploit. Even if not.....what about the next time? I continue to download PDF to disk, scan and THEN open in Evince which is little used on Windows (works great though) so less likely to be attacked by exploits.
»hitmanpro.wordpress.com/2013/02/···malware/
-- When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson
StuartMW Who Is John Galt? Premium join:2000-08-06 Galt's Gulch kudos:2 Reviews: ·CenturyLink
said by Mele20: Plus, not everyone sets their browsers to block reported attack sites.
I turned that feature off since it was constantly reporting a (bookmarked) forum site I visit from time to time as an attack site. I looked into it and it was reported because some posts contained links to malware. Since I'm not dumb enough to click on them anyway I turned off the feature.
It was nice of Mozilla to hold my hand though. I felt all warm'n'fuzzy
-- Don't feed trolls--it only makes them grow!
Reviews: ·Suddenlink
reply to StuartMW
said by StuartMW: Which is why, in about:config, I've set pdfjs.disabled to true in addition to disabling any and all PDF plugins in the Add-ons Manager.
Thanks for that. Just made the change here! (I Foxit without its browser plugin to open PDFs).
AVD Respice, Adspice, Prospice Premium join:2003-02-06 Onion, NJ kudos:1 | reply to StuartMW
said by StuartMW: said by Mele20: Plus, not everyone sets their browsers to block reported attack sites. I turned that feature off since it was constantly reporting a (bookmarked) forum site I visit from time to time as an attack site. I looked into it and it was reported because some posts contained links to malware. Since I'm not dumb enough to click on them anyway I turned off the feature. It was nice of Mozilla to hold my hand though. I felt all warm'n'fuzzy
Should have set it up as an exception instead.
-- * seek help if having trouble coping --Standard disclaimers apply.--