Security Vulnerability On This Forum. Empty File Download.

Hello,



During the period July 30 - August 10 there was malicious code on the forum: when you viewed some topic, a 0-size PDF file was downloaded.

The reasons were:

  1. Mozilla Firefox vulnerability
  2. IPB forum vulnerability



Do I have to worry:

Yes, if you had the following:
  • Windows or Linux OS,
  • Firefox browser
  • and downloaded this file (see example of how it looked in this thread)

So if you've got this empty file download, we recommend changing all the passwords that are stored locally, especially for FTP account programs like FileZilla etc.

For more details on the vulnerability and what data could be stolen, see the official Mozilla report: https://blog.mozilla…nd-in-the-wild/

P.S. At the moment we are updating the IPB forum and will roll out the latest version within 1-2 days.

To clarify.

Windows or Linux OS

AND

Firefox.

I use Windows and Chrome (or IE)

so can I presume I was safe?

Yes, only Firefox was vulnerable.

Thank you imac.

I wonder just how splendid software would be if developers didn't have to spend so much time on security issues.

From Mozilla Security Blog, August 6, 2015:

"Update: we’ve now seen variants that do have a Mac section, looking for much the same kinds of files as on Linux."

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/comment-page-1/

It may help to use the Firefox history feature to confirm whether you visited the forums during the affected dates. Click on the three-line "hamburger" icon, History, then Show All History. Right-click the header to display the Most Recent Visit column if not already enabled. In the Search History tool, type forum. This should show you - among others - any access to the CS-Cart forums.

Unfortunately, the Added column does not seem to work in my browser, only Most Recent Visit, but in my case this was enough to confirm that I did not use Firefox to visit CS-Cart forums from July 27th through August 10th 2015.

Is the forum now using the last version of IPB3: 3.4.8?

Are you planning to update to IPB4 or the upcoming 4.1 to keep this forum current and secure?

Question on this: if my FF was set to save pdfs instead of open them in the browser, would I have been affected by this?