» Firefox

Trojan forces Firefox to secretly store passwords

carrumba — Thu, 14 Oct 2010 07:06:00 +0000

A trojan recently analysed by Webroot is said to rely on retrieving web page passwords from a browser’s password storage, rather than logging a user’s keyboard inputs. To make sure it will find all the interesting passwords in Firefox, the malware, called PWS-Nslog, makes some changes to jog the browser’s memory. A few manipulations in a JavaScript file prompt Firefox to store log-in information automatically and without requesting the user’s consent.
The malware will, for instance, simply comment out Firefox’s confirmation request in the nsLoginManagerPrompter.js file and add a line with automatic storage instructions. The H’s associates at heise Security were able to reproduce the effect of the manipulations – manipulations which the malware author probably borrowed from a work around that has been in circulation since 2009.

Extracting Firefox logfile entries with FFLogDump

carrumba — Tue, 16 Mar 2010 06:40:51 +0000


Tool name :	FFLogDump 0.1

Description :	FFLogDump is a tool to access the Firefox 3.* main logfile and extract details about sites the user visited. In this version cookie information, favorites/bookmarks and the browsing history are extracted.

Tested on :	Windows XP, Firefox 3.5.1

Feedback :	In case you encounter any problems with the tool, you have suggestions to improve it, or you tested it with a Windows version i’ve not yet tested please drop me an email.

Downloads :	Binary \| Source

Screen shots :	-

Zero day exploit for Firefox 3.6

carrumba — Sat, 20 Feb 2010 18:43:06 +0000

Russian security firm Intevydis has made a Windows exploit for a previously unknown security hole in Firefox 3.6 available to its customers. The exploit allows attackers to remotely gain control of a PC. Intevydis develops the commercial VulnDisco add-on for the also commercial Canvas exploit toolkit by vendor Immunity. On the Immunity forum, developer Evgeny Legerov praises his exploit for Windows XP (SP3) and Vista as being quite reliable. The developer says It was an interesting challenge to find the flaw – a buffer overflow – and to exploit it.

Firefox-based attack wreaks havoc on IRC users

carrumba — Mon, 01 Feb 2010 08:17:24 +0000

Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.

Using a piece of javascript embedded into a web link, the hackers force users of the open-source browser to join IRC networks and flood channels with diatribes that include the same internet address. As IRC users with Firefox follow the link, their browsers are also forced to spam the channels, giving the attack a viral quality that has has caused major disruptions for almost a month.

“Huge numbers of users of the Freenode network ended up getting banned themselves because they would click the link and then they would join the network and flood the network,” one of the hackers, who goes by the moniker Weev, told The Register. “We get this huge rollover effect.”

He added: “We got the the people who run Freenode to actually k-line each other,” a reference to the process of banning a user from an IRC server for spamming or other inappropriate actions.

New version of the Firefox account data extractor available for download

carrumba — Fri, 29 Jan 2010 00:01:34 +0000

As I already announced in the morning an updated version of the FFPasswordRecovery tool is available tonight. So here it is.
I reorganised the code a little and added the SQLite support that was integrated into FireFox lately. You can download both the binary version if you don’t want to compile it yourself or the sourcecode (SQLite lib and headers included).

You find the files here.

Firefox account data extractor and SkypeTap

carrumba — Thu, 28 Jan 2010 08:00:32 +0000

The new code that extracts the Firefox account data out of the SQLite database is more or less done. If everything goes well I’ll upload the new sourcecode tonight (Swiss time) in a new version of the FFPasswordRecovery tool.

During spring I plan to conduct some tests with the SkypeTap plugin and other instant messengers. If you have some minutes spare and want to see how these apps and the plugin work together don’t hesitate to conduct these tests yourself and inform me afterwards and tell me what happened. Unfortunately my time is rather limited at the moment and school keeps me busy. Therefore hings are moving more slowly than usual.

Firefox password recovery with FFPasswordRecovery

carrumba — Tue, 28 Jul 2009 16:02:44 +0000


Tool name :	FFPasswordRecovery 0.2

Description :	FFPasswordRecovery is a tool to extract and decrypt the Firefox authentication and auto complete information.

Tested on :	Windows XP, Firefox 3.5.7

Feedback :	In case you encounter any problems with the tool, you have suggestions to improve it, or you tested it with a Windows version i’ve not yet tested please drop me an email.

Downloads :	Version 0.1 – Binary \| Source
	Version 0.2 – Binary \| Source

Screen shots :