I'm seeing a lot of alerts in the last couple days for threatID 33542 when users are visiting facebook via http://www.facebook.com/
Could this be a false positive? Anyone else seeing a jump in this threat?
We are seeing the same thing over here. Every source IP seems to be Akami CDN servers that serve Facebook from our ISP, so I'm really thinking this is a false positive.
threatid: Mozilla Firefox GeckoActiveXObject Method Denial of Service Vulnerability(33542)
Some more info:
Attack Name: Mozilla Firefox GeckoActiveXObject Method Denial of Service Vulnerability
Description: Mozilla Firefox is prone to a denial of service vulnerability while parsing certain crafted HTTP responses.The vulnerability is due to the lack of proper checks on GeckoActiveXObject Method in the HTTP response, leading to an exploitable denial of service vulnerability. An attacker could exploit the vulnerability by sending a crafted HTTP response. A successful attack could lead to denial of service with the privileges of the current logged-in user.
Threat ID: 36871
There have been some changes made to Facebook code that is causing some false positives to be triggered for this ThreatID. We are working to address this issue in next week's update.
According to the result of our lab test,
it may be fixed with the latest content ver.308-1390.
- there is not this fix on release note though...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!