Re: Firefox on testing hijacked by http://www.megago.com/l/?

To: Florian Weimer <fw@deneb.enyo.de>
Cc: debian-security@lists.debian.org
Subject: Re: Firefox on testing hijacked by http://www.megago.com/l/?
From: Torsten Sadowski <torsten.sadowski@tu-berlin.de>
Date: Thu, 7 Sep 2006 11:43:57 +0200
Message-id: <[🔎] 200609071143.58231.torsten.sadowski@tu-berlin.de>
In-reply-to: <[🔎] 87r6yp55qk.fsf@mid.deneb.enyo.de>
References: <[🔎] 200609041538.47174.torsten.sadowski@tu-berlin.de> <[🔎] 200609061132.15414.torsten.sadowski@tu-berlin.de> <[🔎] 87r6yp55qk.fsf@mid.deneb.enyo.de>

Hallo Florian,

I did a grep over ~/.firefox and voila, there is the culprit:

default/8nfma0b5.slt/prefs.js:user_pref("sessionsaver.windows.session2", "session2  
997  901  1280  59  111111  0  1  
s0,,:0,,:0,,:0,,:0,,:0,,:-1,,:-1,,:-1,,:-1,,:-1,,:-1,, |i,,vvT |z1 |0 |0,0| 
http://www.megago.com/l/?  0");

I just don't know how it did get there.

Thank you, Torsten


> In this case, I'd need a tar.gz of your ~/.mozilla directory to
> investigate this further, but I can understand if you don't want to
> share it.

Reply to:

Follow-Ups:
- Re: Firefox on testing hijacked by http://www.megago.com/l/?
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Firefox on testing hijacked by http://www.megago.com/l/?
  - From: Torsten Sadowski <torsten.sadowski@tu-berlin.de>
- Re: Firefox on testing hijacked by http://www.megago.com/l/?
  - From: Torsten Sadowski <torsten.sadowski@tu-berlin.de>
- Re: Firefox on testing hijacked by http://www.megago.com/l/?
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: OpenSSL: RSA Signature Forgery (CVE-2006-4339)
Next by Date: Re: Firefox on testing hijacked by http://www.megago.com/l/?
Previous by thread: Re: Firefox on testing hijacked by http://www.megago.com/l/?
Next by thread: Re: Firefox on testing hijacked by http://www.megago.com/l/?
Index(es):
- Date
- Thread