Mozilla is urging all Firefox users to update their browser following the discovery of a file-stealing exploit.
Advertisement
A day before news broke that Russian hackers were able to access part of the Joint Chief’s email at the Pentagon, a Firefox user found vulnerability that could send your sensitive files to a server in the Ukraine.
Interestingly, the files it searches for on the local system are mostly developer focused.
Mozilla explains it thus, “The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer”. Firefox for Android, and other Mozilla products that don’t sport the built-in PDF Viewer, are not affected.
Mozilla is asking all Firefox users to upgrade immediately to version 39.0.3.
Even if you haven’t visited the Russian news site in question, it’s not known whether the ad has been deployed elsewhere.
The fix for the vulnerability is available now and Firefox users are recommended to update their browser as soon as possible. On Windows the exploit looked for subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients. The company added that the “exploit leaves no trace that it has run on the local machine.”
The exploit in its current form will only work on Windows computers, though there’s no reason why it couldn’t be rewritten to use the same hole on Macs too.
The impact on you at home: If you use any of the programs mentioned above, Mozilla advises you to change your passwords and any keys associated with them.
Advertisement
People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used.
