It said that it was a java script exploit linking to a PDF file. Also in the left hand corner of Firefox it was trying to get to a site or maybe a file named Sator.VV.CC.
So what I did was go to that site, it automatically launched java in my system tray, and then Firefox said it wanted to install a plug in (see the picture above). Then I got the alert from Avast that it was blocked.
Funny thing is right after this happened I was able to replicate it twice. Then right after that, Avast av updated its definitions. So I cleared cache and went back to the site after the virus defs updated and now its not happening.
So fp or was the site temporarily hijacked and is now clean?
Your image is unreadable (but the url of the alert doesn’t appear to be the geek.com site) crop the alert and it can be attached to the post using the Additional Options as a g.f, png or jpg.
Since it was alerting on some manual.pdf file and the alert relates to a pdf exploit, that may well be a good detection. Were you trying to download a pdf at the time ?
Well there was a link there i=on that page which if you clicked it took you to the proof of concept and it may have been that demo exploit that is getting trapped. But vv.cc domain doesn’t come out too clean on reputation, in this case seems related to another sub-domain but the whole domain appears to get tarred with the same brush http://www.mywot.com/en/scorecard/sator.vv.cc as it inherits the main domains rep.
Edit: Even if you manage to get round the various blocks the file system shield as the fall back option alerts on it, so I rather doubt it is an FP, how it is being launched from that geek.com is the thing, perhaps what they are on about an exploit. But I doubt that to as this doesn’t appear to follow the webgl flaw.