Αναζήτηση στην υποστήριξη

Προσοχή στις απάτες! Δεν θα σας ζητήσουμε ποτέ να καλέσετε ή να στείλετε μήνυμα σε κάποιον αριθμό τηλεφώνου ή να μοιραστείτε προσωπικά δεδομένα. Αναφέρετε τυχόν ύποπτη δραστηριότητα μέσω της επιλογής «Αναφορά κατάχρησης».

Μάθετε περισσότερα

Sites without SSL getting clickjacked

  • 5 απαντήσεις
  • 1 έχει αυτό το πρόβλημα
  • 2 προβολές
  • Τελευταία απάντηση από werty37

more options

I am using Firefox 75 on MacOS Mojave. On sites without SSL, the clicks getting hijacked. This happens even on sites like stopbadware.org.

I managed to find the file, cf.common.js which is doing this. Strangely, this JS file seems to be different when viewing from stopbadware.org directly. Please see attached screenshots.

cf.common.js seems to loading another js with random number as name without a .js extension file from a website hobfadbig.com

I am attaching FiddleJs URLs of cf.common.js and 7250

https://jsfiddle.net/#&togetherjs=VaxaRSMe9d https://jsfiddle.net/#&togetherjs=yLSvHRy9jh

I raised this question on Stackoverflow as well but i didn't get any answer.

I have Avast free version installed on my Mac. And i do not have any funny extensions/plugins on Firefox.

Thanks

I am using Firefox 75 on MacOS Mojave. On sites without SSL, the clicks getting hijacked. This happens even on sites like stopbadware.org. I managed to find the file, cf.common.js which is doing this. Strangely, this JS file seems to be different when viewing from stopbadware.org directly. Please see attached screenshots. cf.common.js seems to loading another js with random number as name without a .js extension file from a website hobfadbig.com I am attaching FiddleJs URLs of cf.common.js and 7250 https://jsfiddle.net/#&togetherjs=VaxaRSMe9d https://jsfiddle.net/#&togetherjs=yLSvHRy9jh I raised this question on Stackoverflow as well but i didn't get any answer. I have Avast free version installed on my Mac. And i do not have any funny extensions/plugins on Firefox. Thanks
Συνημμένα στιγμιότυπα

Επιλεγμένη λύση

Thanks. I think some program on my mac is trying to exploit Firefox Accessibility Services to perform a sneaky clickjack. I enabled "Prevent accessibility services to access your browser" from Preferences under Privacy and Security. This is now makes sure the clickjack does not work.

I have installed Malwarebytes (free) and Avast (free) but both do not report anything unusual.

I would like to know which program is accessing this feature. How can I find this? Please let me know.

Ανάγνωση απάντησης σε πλαίσιο 👍 0

Όλες οι απαντήσεις (5)

more options

First, let's make sure your system is clean.

You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

more options

Many site issues can be caused by corrupt cookies or cache.

Warning ! ! This will log you out of sites you're logged in to. You may also lose any settings for that website.

If there is still a problem, Start Firefox in Safe Mode {web link} by holding down the <Shift> (Mac=Options) key, and then starting Firefox.

A small dialog should appear. Click Start In Safe Mode (not Refresh). Did this help?

While you are in safe mode;

Try disabling graphics hardware acceleration in Firefox. Since this feature was added to Firefox it has gradually improved but there are still a few glitches.

How to disable Hardware Acceleration {web link}

more options

Επιλεγμένη λύση

Thanks. I think some program on my mac is trying to exploit Firefox Accessibility Services to perform a sneaky clickjack. I enabled "Prevent accessibility services to access your browser" from Preferences under Privacy and Security. This is now makes sure the clickjack does not work.

I have installed Malwarebytes (free) and Avast (free) but both do not report anything unusual.

I would like to know which program is accessing this feature. How can I find this? Please let me know.

more options

werty37 said

I would like to know which program is accessing this feature. How can I find this? Please let me know.

This should be written on the about:support page, in the Accessibility section. Parhaps you have to disable prevention to see the activator.

more options

Thank you. It does not seems to happen anymore after I installed Malwarebytes, thought it did not find any suspicious activity.