![[BunsenLabs Logo]](/img/bl.svg)
You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2017-10-29 18:54:26
- dbickin
- Member
- Registered: 2015-09-30
- Posts: 76
highjacked firefox
I mistakenly typed in the wrong url, and got a popup informing me that I needed to call the phone number for instructions on removing the malware found on my computer. The graphics were all microsoft windows, so clearly BS.
However, I could not close firefox with the normal exit/close buttons, etc. But pkill x-www-browser did the trick.
Except when I reopened the browser.... "call the phone number to remove the malware, yadda yadda yadda." pkill again.
I tried opening the browser giving it a good url.
Better, the correct url opened, but also a browser tab apologizing that they could not restart the failed session. Great, I didn't want that nonsense to restart.
Normally I don't open the browser from the terminal, but I now have, and I noticed the following message on the terminal:
x-www-browser
1509298415156 addons.productaddons ERROR Request failed certificate checks: [Exception... "SSL is required and URI scheme is not https." nsresult: "0x8000ffff (NS_ERROR_UNEXPECTED)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 145" data: no]My question is... it this message "normal", or is part of the js nonesense still lurking in the background?
And also, should I have done something differently when I found myself in that situation?
Thanks,
David
Offline
#2 2017-10-29 19:14:54
- iMBeCil
- WAAAT?
- From: Edrychwch o'ch cwmpas
- Registered: 2015-09-29
- Posts: 767
Re: highjacked firefox
This is fairly normal behaviour, see for example here ... Might be a problem with the addon.
As for the 'hijacked' firefox .... try
$ firefox -safe-modeand check the start page in Properties, or check and disable (possibly) rogue addon(s); if nothing works, then perhaps certain settings are stored in 'about:config' and should be removed.
What was this particular (scam) page?
Last edited by iMBeCil (2017-10-29 19:15:40)
Postpone all your duties; if you die, you won't have to do them ..
Offline
#3 2017-10-29 19:53:05
- Head_on_a_Stick
- Member
- From: London
- Registered: 2015-09-29
- Posts: 9,093
- Website
Re: highjacked firefox
should I have done something differently when I found myself in that situation?
Running the browser with the firejail wrapper may help:
https://packages.debian.org/jessie-backports/firejail
However, the package is only available in the jessie-backports repository, unfortunately.
Instructions: https://backports.debian.org/Instructions/
Offline
#4 2017-10-29 19:55:49
- dbickin
- Member
- Registered: 2015-09-30
- Posts: 76
Re: highjacked firefox
Thanks, Looks like I am okay. I typed in Tattler.com, and it should have been Tattlerproducts.com (they make canning jar lids...)
So one of the extensions is acting up. Am I missing the clue that would tell me which extension?
David
Offline
#5 2017-10-29 19:58:56
- iMBeCil
- WAAAT?
- From: Edrychwch o'ch cwmpas
- Registered: 2015-09-29
- Posts: 767
Re: highjacked firefox
So one of the extensions is acting up. Am I missing the clue that would tell me which extension?
Well, not necessarily .... however, only way to find out which one it is, for example, disabling one by one, and test terminal output ...
Postpone all your duties; if you die, you won't have to do them ..
Offline
#6 2017-10-30 06:39:31
- ohnonot
- ...again
- Registered: 2015-09-29
- Posts: 5,592
Re: highjacked firefox
here's what i would do:
save bookmarks to a file.
make note of all installed addons.
move the whole effing ~/.mozilla folder out of the way.
start firefox in a pristine state, and do the necessary recovery.
unless you know exactly what caused the message and what to do to remove the offending pieces of code.
Offline
#7 2017-10-30 16:08:29
- dbickin
- Member
- Registered: 2015-09-30
- Posts: 76
Re: highjacked firefox
Thanks. I am going to try disabling addons to see if I can figure out which is generating the errors. Bonus is I can see which I really don't need anymore.
David
Offline
#8 2017-10-30 21:54:08
- iMBeCil
- WAAAT?
- From: Edrychwch o'ch cwmpas
- Registered: 2015-09-29
- Posts: 767
Re: highjacked firefox
^You're welcome 
When you find which one it is, please post it here. Thanks.
Postpone all your duties; if you die, you won't have to do them ..
Offline
#9 2017-10-31 02:27:49
- dbickin
- Member
- Registered: 2015-09-30
- Posts: 76
Re: highjacked firefox
Finding the culprit has proved elusive. The error just plain didn't show up as I was testing disabling and re-enabling the addons. It later DID show up, after some period of time of inactivity, when, I gather, the addon in question is probably trying to phone home to see if there is an update.... well, that is the only legitimate reason I can think of anyway.
I don't feel like taking the time to repeat the experiment and waiting to see if the message eventually pops up.
My gut feeling is that the bad JS code that prompted me to start this thread is purged from the system, and that was my main concern.
Thanks,
David
Offline
Pages: 1