Date: Fri, 24 Apr 2020 11:17:25 +0000 (UTC) From: Greg Quinlan <gwq_uk@yahoo.com> To: "gecko@freebsd.org" <gecko@freebsd.org> Cc: Greg Quinlan <greg@cordonbleucook.com> Subject: Firefox 75.0 - potentially COMPROMISED! Message-ID: <260623557.101611.1587727045856@mail.yahoo.com> References: <260623557.101611.1587727045856.ref@mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Gecko, I have been involved with FreeBSD since version 1.0 (the unofficial release= - LOL) but not recently ... until the lockdown. Basically I strongly believe Firefox has been compromised with what looks l= ike a "backdoor". I recently upgraded all my FreeBSD boxes to 12.1-p3 and packages (pkg updat= e etc) to the latest including Firefox 75.0. On one of the FreeBSD boxes connected only via WIFI the network became slow= , almost unusable. So I installed WireShark,=C2=A0again from the pkg collec= tion and started it monitoring the wlan0 network interface. With just the Firefox running and https://google.co.uk loaded I see WireSha= rk displaying dozens of WAN IP addresses connecting to my FreeBSD box. Netw= ork traffic suddenly went very high, and it seems many of the connections a= re using TCP ports 66 (??) and 443 (HTTPS). With Firefox closed the connections disappear. (I think [not sure] but one = local address remained i.e. 192.168.1.5 ... it looks like it managed to set= up a PPTP with my box) What is most distribing is that after a short period, I saw a local IP addr= ess created (192.168.1.5) that appeared to be attached to a WAN address (an= d my box). I can confirm that the only device connected to the network at t= he time was my FreeBSD system on 192.168.1.11. This local address (192.168.= 1.5) was using HTTPS (443) and connecting to numerous other WAN IP addresse= s. Consistently the same LAN=C2=A0 IP 192.168.1.5 <-> WAN 45.60.13.212 and = 192.168.1.11 <-> 45.60.13.212=C2=A0 An IP address location site I tried did not make much sense, as it shows th= is IP address to be present on different dates in different countries. I did a "nmap -Pn 45.60.13.212" and just about every TCP/IP service you cou= ld think of was open!!=C2=A0 To be absolutely sure, I systematically made sure that every wired and wire= less device was switched off, so I am certain! None of my local devices use= d this address of 192.168.1.5!! How would you like to proceed? I can demonstrate what is happenning or you = could try this yourself. (I have had to let the family back on the network = before they all went mad - LOL) Regards Greg Ph: +44 1980 731 335 Mb: +44 771 3672 888 ps. I am in the UK, please free to call if you want.pps. I have tried the s= ame thing on a Linux VirtualBox (Centos 7-1908) and the same thing happens. From owner-freebsd-gecko@freebsd.org Sat Apr 25 22:20:53 2020 Return-Path: <owner-freebsd-gecko@freebsd.org> Delivered-To: freebsd-gecko@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EC8992C28D6 for <freebsd-gecko@mailman.nyi.freebsd.org>; Sat, 25 Apr 2020 22:20:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 498lqT62FNz4dXc for <freebsd-gecko@freebsd.org>; Sat, 25 Apr 2020 22:20:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id CD0CE2C28D5; Sat, 25 Apr 2020 22:20:53 +0000 (UTC) Delivered-To: gecko@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CCCB92C28D4 for <gecko@mailman.nyi.freebsd.org>; Sat, 25 Apr 2020 22:20:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 498lqT555Gz4dXb for <gecko@FreeBSD.org>; Sat, 25 Apr 2020 22:20:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AA0B4EB72 for <gecko@FreeBSD.org>; Sat, 25 Apr 2020 22:20:53 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 03PMKrp3052760 for <gecko@FreeBSD.org>; Sat, 25 Apr 2020 22:20:53 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 03PMKrQY052650 for gecko@FreeBSD.org; Sat, 25 Apr 2020 22:20:53 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" From: bugzilla-noreply@freebsd.org To: gecko@FreeBSD.org Subject: maintainer-feedback requested: [Bug 245915] www/firefox: crashing tabs for certain websites Date: Sat, 25 Apr 2020 22:20:51 +0000 X-Bugzilla-Type: request X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: gecko@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? Message-ID: <bug-245915-21738-qMe366nmGa@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-245915-21738@https.bugs.freebsd.org/bugzilla/> References: <bug-245915-21738@https.bugs.freebsd.org/bugzilla/> X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-gecko@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gecko Rendering Engine issues <freebsd-gecko.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-gecko>, <mailto:freebsd-gecko-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-gecko/> List-Post: <mailto:freebsd-gecko@freebsd.org> List-Help: <mailto:freebsd-gecko-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-gecko>, <mailto:freebsd-gecko-request@freebsd.org?subject=subscribe> X-List-Received-Date: Sat, 25 Apr 2020 22:20:54 -0000 Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-gecko mailing = list <gecko@FreeBSD.org> for maintainer-feedback: Bug 245915: www/firefox: crashing tabs for certain websites https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D245915 --- Description --- Moin moin=20 Since the upgrade to 75.0 tabs of e.g. 'https://www.galaxus.ch/' keep crash= ing [1] mfg Tobias [1] Gah. Your tab just crashed. We can help! Choose Restore This Tab to reload the page.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?260623557.101611.1587727045856>