Jump to content
Sign in to follow this  

Serious Exploit Found in Firefox: Mozilla Urges Update

Recommended Posts

After being contacted by a user on August 5, Mozilla has discovered and already built patches for a rather serious exploit. Before getting to that, if you use Firefox you should probably update to version 39.0.3 or Firefox ESR 38.1.1, depending on your version. To have the browser check for the update you can go to 'Help' -> 'About Firefox' and click the 'Check for updates' button.

The exploit comes from how the mechanism for enforcing JavaScript context separation (the "same origin policy") and Firefox's PDF Viewer. (If your Mozilla products do not include the PDF Viewer, like the Android version, you are safe.) The exploit does not allow arbitrary code to be executed, but does inject a JavaScript payload. So far the only observed use of this vulnerability was to transmit potentially sensitive files to a server apparently in Ukraine. Oddly the attack has a developer focus, as the files being searched for included configuration data for subversion, s3browser, and Filezilla on Windows, while on Linux it went after the configuration files in /etc/passwd as well as .bash_history, .mysql_history, .pgsql_history, and .ssh files and keys. Mac users would not be immune to this vulnerability, but were not apparently targeted.

The exploit does not leave a trace on a machine after it runs, so you may want to reset passwords if you use Firefox for Windows or Linux. As the exploit attacked via an ad on a Russian news site though, ad-blockers may provide a level of protection, but that is speculative and dependent on the blocking software and filters used.

Source: Mozilla Security Blog

Back to original news post

Share this post

Link to post
Share on other sites
Sign in to follow this