Mozilla warns Firefox users to disable Java over zero-day exploit

By Lee Kaelin on August 30, 2012, 1:00 PM

Mozilla has warned Firefox users to disable Oracle's Java software framework plugin after researchers discovered that cybercriminals are actively exploiting yet another zero-day vulnerability in the cross-platform software. Atif Mushtaq, a security researcher for FireEye, first discovered the flaw in the wild (CVE-2012-4681) on Sunday and successfully used it to breach his test machine running Firefox with JRE 1.7 update 6 installed. It remains unpatched by Oracle and currently poses a risk to all 1.7x versions of Java.

Mushtaq said the exploit is hosted on the domain ok.xxx4.net which resolved to Taiwan at the time of writing. If it compromises your computer, it can install Dropper.Ms.PMs with data sent back to separate command and control servers using the IP 223.25.233.244, which resolves to Singapore.
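As an added example (not from the article or FireEye), one way to check a Windows host for the two indicators above is to match `netstat -an` output against the command-and-control IP and match looked-up hostnames against the exploit domain. The function names and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# Indicators quoted in the article for the CVE-2012-4681 activity.
C2_IPS = {ipaddress.ip_address("223.25.233.244")}
EXPLOIT_DOMAINS = {"ok.xxx4.net"}

def remote_ip(netstat_line):
    """Return the foreign address of a Windows `netstat -an` row, or None."""
    fields = netstat_line.split()
    if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
        return None                      # header or unrelated text
    host = fields[2].rsplit(":", 1)[0].strip("[]")   # drop port, IPv6 brackets
    try:
        return ipaddress.ip_address(host)
    except ValueError:                   # "*:*" on UDP rows and similar
        return None

def domain_matches(name):
    """True for an indicator domain or a subdomain of it (label-aligned)."""
    name = name.strip().rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in EXPLOIT_DOMAINS)

def scan(netstat_text, dns_names):
    """Collect (kind, value) hits from netstat output and looked-up names."""
    hits = []
    for line in netstat_text.splitlines():
        if remote_ip(line) in C2_IPS:
            hits.append(("c2-connection", line.strip()))
    hits += [("exploit-domain", n) for n in dns_names if domain_matches(n)]
    return hits

# Constructed sample data, not taken from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49213     223.25.233.244:80      ESTABLISHED
  TCP    192.168.1.20:49214     223.25.233.24:443      ESTABLISHED
  TCP    [::1]:445              [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""
SAMPLE_DNS = ["OK.xxx4.net.", "notok.xxx4.net", "www.oracle.com"]

if __name__ == "__main__":
    for kind, value in scan(SAMPLE_NETSTAT, SAMPLE_DNS):
        print(kind, value)
```

Both indicators are as reported at the time of writing, so a run with no hits only rules out this particular infrastructure.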

On Monday, researchers Andre DiMino and Mila Parkour posted that the exploit appears to install the Poison Ivy remote access Trojan, although the number of infections is currently low. That said, Oracle typically sticks to a quarterly update cycle, so a patch could be weeks or months away, and with the exploit code becoming more readily available on underground sites, we could witness a dramatic increase in infections.

"As a user, you should take this problem seriously, because there is currently no patch from Oracle," a Rapid7 exploit developer said. "For now, our recommendation is to completely disable Java until a fix is available."

In the meantime, those who don't require Java for essential use should consider disabling it to reduce the risk of infection. This can be done in the plugin section of most browsers, though IE users can use this blog post for guidance. To confirm it has been disabled, you can test whether Java is running by heading to Oracle’s Java test page.




User Comments: 21

H3llion, TechSpot Paladin, said:

How would you know if you are infected?

Guest said:

Java is a resource hog of little use anyway. Leave it disabled.

1 person liked this

Spencer Corliss said:

Agreed, how would I know if I'm infected?

Guest said:

You can also use NoScript in Firefox to block Java.

H3llion, TechSpot Paladin, said:

Agreed, how would I know if I'm infected?

I looked online but other than booting from safe mode and running MBAM it's pretty much it.

Today my PC crashed while viewing a ... well bee... porn site. I assumed that it is a crash from closing nvidia update tasks in the processes tab since my resolution messed up and it feels like I don't have a working display driver.

My Avira has also been disabled and I am unable to turn it back on. I booted in safe mode, also switched router (get different IP, maybe it helps; also switched from old Netgear router to the VM Superhub) and I am about to reinstall Avira. Will boot again in safe mode after.

MBAM showed 2-3 malware detections but I doubt either of them could be related to this, but regardless I removed them and afterwards ran TFC clean. Will do another scan after reinstalling Avira.

Haven't done a machine scan for two months now, slacking I know. When I get my new machine (saving up) I'll deffo use TrueCrypt and software which makes an image of an earlier version of the OS, so in case some shit goes down I can just flash it to the backup image.

Anyway, haven't had such a weirdly strange issue for some time (when I was a kid, oh god viruses, deleting important Windows files, haha good times ..... not).

H3llion, TechSpot Paladin, said:

Also checking active connections on your machine using netstat -a in CMD can be helpful too, but personally I wouldn't be able to tell what is suspicious heh, unless I analyse all the IPs while running idle.

Think about this, maybe they are seeing what I am typing! OH SHII1111***!!! :p

Oh god I am ***** ....

(amazing English skills, come at me!)

Marco B said:

They released the patch for it, version 7 update 7 is out.

bugejakurt said:

As Marco said they released patch update 7 you can get from "http://www.oracle.com/technetwork/java/javase/download/index.html". To test if you can be infected go to "http://www.isjavaexploitable.com/"

H3llion, TechSpot Paladin, said:

Updated, my mum's computer is so smooth and it is a damn laptop :P Then again she does not go on porn, well as far as I am aware haha O.o

Anyway, my GPU has failed, or at least it is not being detected and doubtful it is from a nastie (virus/malware/trojan).

Three options for me:

Reassemble GPU

Reinstall Windows

Flash BIOS

(gtx 460 from 09).

Anyway, I'll rather keep away from derailing this. Posted this on a few forums, sharing is caring right? ;p

Leeky said:

It would be worth creating a new thread with the problem @Artix as you'll get a better response from the community that way.

Guest said:

I only bother enabling Java when I need to use it anyway; I only have the Flash plugin at the moment and eventually I'll remove that too. The web is evolving and the less we have to use plugins the more secure our browsers become.

RajeGera said:

There are so many applications that are Java dependent... disabling it won't be an option... is there any other way around?

teribithia said:

Now Java is not necessary for our IE; in the early days many media and active are created by Java.

Mohankr.vish said:

That is not possible for hacker ....

JAVA is important any ways..

Mohankr.vish said:

How would you know if you are infected?

Run a virus scan to confirm yourself.

H3llion, TechSpot Paladin, said:

How would you know if you are infected?

Run a virus scan to confirm yourself.

Assuming it will be detected.

Jim$ter said:

Disabling JAVA and/or flash player is not a good idea for most people in that you will break the web. MANY, and I mean many, sites rely on 1 or both technologies. I just wish they had rapid updates and not try to install garbage every time you update them.

Camikazi said:

Disabling JAVA and/or flash player is not a good idea for most people in that you will break the web. MANY, and I mean many, sites rely on 1 or both technologies. I just wish they had rapid updates and not try to install garbage every time you update them.

I have had Java disabled for a while and the web works fine; JavaScript is used everywhere but Java isn't used anywhere near as much.

9Nails, TechSpot Paladin, said:

Java - never backwards compatible, always a security issue. Why is it still being used?

WithoutAnyMilk said:

Java - never backwards compatible, always a security issue. Why is it still being used?

Somebody get this man a cigar!
