No idea how to turn off PNG image loading with Noscript. Many years ago I wrote a browser that ignored all images and only returned barely formatted text to the users command line, I wonder if I can rebuild re-use this till the exploit is patched up. (IIRC, it was message board avatars that people used which drove me crazy, to the point I would rather read the forum without any images whatsoever additionally at the time I was under a bandwidth cap.
If anyone knows of any browsers similar to the one I coded that is decent let me know.
Topic: PNG Image Metadata Leading to iFrame Injections (Read 1027 times)
Maybe using noscript addon will block Javascript and prevent this exploit for the time being.
https://addons.mozilla.org/en-US/firefox/addon/noscript/
Not sure if Chrome has it
https://addons.mozilla.org/en-US/firefox/addon/noscript/
Not sure if Chrome has it
Just installed it, I hope it helps.
Is there some way to only turn off PNG loading? Still allowing for JPG, GIF.
Maybe using noscript addon will block Javascript and prevent this exploit for the time being.
https://addons.mozilla.org/en-US/firefox/addon/noscript/
Not sure if Chrome has it
https://addons.mozilla.org/en-US/firefox/addon/noscript/
Not sure if Chrome has it
Yuck, a malicious steggo. That is hard to deal with. Do I need to shut off image loading? Would that even do it, or is the PNG read but not displayed in that case?
Can this be blocked somehow? I use Firefox. I guess turning off Java is one way?
Javascript is totally unrelated to java. So, no.
Can this be blocked somehow? I use Firefox. I guess turning off Java is one way?
Researchers have discovered a relatively new way to distribute malware that relies on reading JavaScript code stored in an obfuscated PNG file’s metadata to trigger iFrame injections.
http://threatpost.com/png-image-metadata-leading-to-iframe-injections/104047
http://threatpost.com/png-image-metadata-leading-to-iframe-injections/104047
Jump to: