firefox has penetrated my system ?! it has malware in it. reading my disk hard.

debguy

Well-Known Member

Reaction score: 24
Messages: 255

So I'm working to improve stability of some software. Suddenly my disk light starts working hard I can hear it, from years of experience I know it's not "cron running find". I check my ps list and the only possibility is firefox (which I set to NOT auto update, only has a few pages open and i'm in a tty X is not the active terminal (freebsd and github pages btw). I KILLED firefox, the light went off immediately. It had been running hard for probably 30 seconds or longer I did not react to it quickly. I can also note I have few book marks and kill the cache completely on exit there is no cache to speak of.

Is this kind of "penetration" by firefox normal in freebsd today? I know for sure firefox does "not activate the disk light hard for 30 seconds" ever for any reason.

Perhaps I am just unlucky and got targeted by an angry hacker. This was yesterday it happened btw.
 

mark_j

Aspiring Daemon

Reaction score: 514
Messages: 956

Instead of this reaction, create a jail, run it in there and trace what it's doing. My bet is it's 'vacuuming' one of the many databases.
 

Trihexagonal

Daemon

Reaction score: 1,694
Messages: 2,265

www/firefox-esr is the only browser I've used in over a year. I keep an eye on sysutils/gkrellm2 to keep track of performance issues or unusual behavior. I've never caught it doing reflective of malware and can set it to monitor different ports for activity and build mine from ports.

My one recommendation would be not to allow JavaScript free global access and personally use NoScript to keep it from happening.
 

Snurg

Daemon

Reaction score: 578
Messages: 1,349

When Firefox does this, its threads are being displayed as swread in top.
No idea what is going on there, as free memory is atm 20gb.
This behaviour is nothing new, it disappears when one swapoffs the system.
 

vigole

Daemon

Reaction score: 1,193
Messages: 1,103

Is this kind of "penetration" by firefox normal in freebsd today?
NCND

* Create new profile, start firefox with that, and inspect its behaviour.
* Use about:performance to check tab performance.
* Use about:memory to check memory usage.
* Use about:networking to monitor networking information
* Limit the saving session operation: browser.sessionstore.interval. More info at:
http://kb.mozillazine.org/Browser.sessionstore.interval
http://kb.mozillazine.org/Session_Restore

[EDIT]:
You can also use Wireshark to inspect traffic. Just read the Wireshark Wiki TLS article beforehand.
 

drhowarddrfine

Son of Beastie

Reaction score: 2,029
Messages: 4,034

Is this kind of "penetration" by firefox normal in freebsd today?
No it is not. Does Firefox have malware in it? No. Look elsewhere. Many of us run Firefox as our daily driver with no such issues. The problem is neither Firefox or FreeBSD.
 

kpedersen

Son of Beastie

Reaction score: 1,671
Messages: 2,506

I have a slightly weird one with Firefox that maybe is what the OP is experiencing. Whenever I go on a site utilising a Canvas or WebGL with a "loop" via requestAnimationFrame. My hard-drive goes 100%. I think potentially it is creating error logs due to some OpenGL issue (canvas uses GL underneath).

For example this page: https://get.webgl.org/

Honestly I never really looked into it because, well I disable WebGL and my ad-blocker generally stops this stuff displaying anyway (I don't play web games).

But I highly recommend running it in a jail. Firefox is certainly a more trustworthy browser of the bunch, but any program that makes arbitrary connections to thousands of unknown hosts should really be sandboxed.
 

vigole

Daemon

Reaction score: 1,193
Messages: 1,103

Years ago, there was a self-proclaimed security expert, who accused Microsoft of implementing a Backdoor into the WMF.
A few days later, he got hosed. It was a public embracement. He was an early example/product of "self-esteem movement".
 

Raffeale

Active Member

Reaction score: 33
Messages: 215

firefox has some bug which hacker could use it to hack your computer. i met a firefox bug , that hacker hacking my wifi and spoof dns for me and dns redbind ,and then use xorg bug to get root privileges. so freebsd should drop the root privileges after xorg start,this could prevent hacker got root privileges. the openbsd add new function to drop xorg's root privileges.i think freebsd should do this. i hope the freebsd13 are PIE for all application.
 

wolffnx

Aspiring Daemon

Reaction score: 213
Messages: 649

If you have doubts can run lsof and many of his filters to see what files are firefox accesing
 

Trihexagonal

Daemon

Reaction score: 1,694
Messages: 2,265

...that hacker hacking my wifi...
There's the weak link in the chain. I live in a building with approx. 50 apartments and use an Ethernet LAN. All radio signals on router and laptops disabled are disabled.

Now net-mgmt/kismet will let me observe many that do use it. I heard one guy talking about using an unsecured hotspot he called inkydink. I said you mean Linksys? Oh yeah, that's it.

I talked them into giving us free wi-fi but you can only use it short distance and I can't use it. None of them here have any computer skills to speak of and it would be a simple thing to provide them one with www/mitmproxy, but not very neighborly or interesting for me. Botnets might be...
 
Top