[false positive] xml.exploit detected in Adblock

afel111 · Post by **afel111** » Sun Sep 25, 2016 8:50 pm

ClamXav has found xml.exploit.CVE_2013_3860-3 in the Adblock Plus addon. Every site I used AP on resulted in this alert. I removed the files and AP. But as soon as I reinstalled AP, the alert came up again. Is this a false positive or do you have a problem that needs to be resolved. Will be disabling until this is sorted.

Required info:
AP version 2.7.3
Firefox version 49.0.1
Mac OS: Yosemite 10.10.5

This has only started very recently (last two days). I've narrowed it to the AP plug in as the issue. Thanks!

Post by **mapx** » Sun Sep 25, 2016 9:04 pm

report at ClamXav support site

afel111 · Post by **afel111** » Sun Sep 25, 2016 9:32 pm

I have notified them, however while I'm waiting you ABP may want to look into their code.
/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi is what continues to be reported as having the exploit.

Post by **mapx** » Sun Sep 25, 2016 9:38 pm

Obviously it's a false positive, you could add an exception in this case waiting for their response.

afel111 · Post by **afel111** » Sun Sep 25, 2016 10:17 pm

Just curious, why do you say "obviously?" Any info will help in case I encounter this again in other situations. Thanks!

smed79 · Post by **smed79** » Sun Sep 25, 2016 10:40 pm

afel111 wrote:Just curious, why do you say "obviously?" Any info will help in case I encounter this again in other situations. Thanks!

If you are in doubt, scan the file on https://www.virustotal.com/file/a9f9842 ... 474835997/ (using more than 50 antivirus at the same time).

afel111 · Post by **afel111** » Sun Sep 25, 2016 10:49 pm

smed79 wrote:If you are in doubt, scan the file on https://www.virustotal.com/file/a9f9842 ... 474835997/ (using more than 50 antivirus at the same time).

Thank you for the link! Very helpful.

madmacs · Post by **madmacs** » Mon Sep 26, 2016 12:25 am

Cannot confirm with my setup running OS X 10.9.5 at the moment.

Looks like version 2.7.3 (posted today?) tests as OK. Did you update it today?

smed79 · Post by **smed79** » Mon Sep 26, 2016 7:07 am

madmacs wrote:Did you update it today?

April 27, 2016
https://addons.mozilla.org/en-US/firefo ... sion-2.7.3

madmacs · Post by **madmacs** » Mon Sep 26, 2016 8:04 am

smed79 wrote: April 27, 2016

Thanks, looks like the creation date shown here is actually the date installed.

At any rate, VirusTotal doesn't show that file as infected nor does running ClamXav on my computer, so I am at a loss to explain why you are seeing this suddenly. The definition signature was added on 5 Aug, so it would seem you should have seen it before today.

Guess we'll just have to wait to see what the ClamXav HelpDesk has to say when they come to work. I suspect they will want you to run a diagnostic for them.

afel111 · Post by **afel111** » Tue Sep 27, 2016 7:39 pm

For anyone curious: It is a false positive. Don't know why it shows up, though.

Thanks for everyone's input!

Adblock Plus

[false positive] xml.exploit detected in Adblock

[false positive] xml.exploit detected in Adblock

Re: xml.exploit detected in Adblock

Re: xml.exploit detected in Adblock

Re: xml.exploit detected in Adblock

Re: xml.exploit detected in Adblock

Re: xml.exploit detected in Adblock

Re: xml.exploit detected in Adblock

Re: xml.exploit detected in Adblock

Re: xml.exploit detected in Adblock

Re: xml.exploit detected in Adblock

Re: xml.exploit detected in Adblock