Fabrizio Marana wrote:
It's just that in the last week I've been infected twice with the
Java/ByteVerify Trojan/virus...
No, you have not been infected. You accessed a page that contained this IE only trojan, the trojan got stored in the disk cache, so your anti-virus complains, but this is harmless, because this trojan can't affect Firefox.
Absolutely not true, there is a version of the ByteVerify Java attack that affects Sun's JRE 1.4.2_05 and older -- and Firefox users can be infected. If you have this older JRE then it's most definitely NOT harmless.
You are right that AV programs will continue to warn about the attack code in the cache even if you don't have a vulnerable JRE or encounter an IE-only variant of ByteVerify.
Flush your cache if the warnings annoys you. The philosophy of Firefox is not to do per-site protection, but not to be sensible to such things at all.
Firefox has many site-specific settings already (images, popups, xpinstall whitelisting, cookie blocking), I wouldn't say this is against anyone's philosophy. There are a lot of people wanting to control plugins/applets per site, there are probably some extensions that can do it already (there's the flash-specific "FlashBlock", for example).
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
