Mozilla urges users to update Firefox with file-stealing exploit in the wild
The attack relies on Firefox’s PDF Viewer, so versions of the browser that don’t have it, like on Android, aren’t susceptible.
All Firefox users are urged to update to Firefox 39.0.3. The security hole allows JavaScript to be injected, letting an attacker search your computer and then upload files to a server in Ukraine. “On Linux, the exploit looks for global configuration files similar to that of ‘/etc/passwd’ and ‘.bash_history’, ‘.mysql_history’, ‘.pgsql_history’ and ‘.ssh’ file formats in all user directories.”
Earlier this week, Mozilla was notified by security researcher Cody Crews that a malicious advertisement on a Russian news site was exploiting a vulnerability in Firefox’s PDF Viewer to search for sensitive files on users’ local file systems.
Mozilla reports that the vulnerability is produced by the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. This all appears to happen in the background with the user none the wiser.
Mac users are not impacted by this exploit, but Veditz warned that another payload could potentially use the same vulnerability. On Windows, the attack specifically looks for FTP configuration files, subversion, .purple and other account information.
One issue is that the program leaves no trace that it has been run on a machine.
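Because nothing is left behind to check, one practical follow-up on a Linux machine that ran a vulnerable Firefox is to inventory which of the files named above exist, so their contents can be treated as exposed. The sketch below is an added example, not Mozilla's code; it assumes user directories live under `/home`, and the function name `exposed_files` is hypothetical.

```python
import os
import time

# File and directory names the article lists for Linux (standard spellings).
USER_TARGETS = (".bash_history", ".mysql_history", ".pgsql_history", ".ssh")
GLOBAL_TARGETS = ("/etc/passwd",)


def exposed_files(home_root="/home", global_targets=GLOBAL_TARGETS):
    """Return sorted (path, size_bytes, mtime) for each targeted file that exists."""
    found = []

    def record(path):
        try:
            st = os.stat(path)
        except OSError:
            return  # vanished or unreadable since we saw it; skip
        found.append((path, st.st_size, int(st.st_mtime)))

    for path in global_targets:
        if os.path.isfile(path):
            record(path)

    try:
        users = sorted(os.listdir(home_root))
    except OSError:
        users = []  # assumed home root is missing or unreadable
    for user in users:
        home = os.path.join(home_root, user)
        if not os.path.isdir(home):
            continue
        for name in USER_TARGETS:
            target = os.path.join(home, name)
            if os.path.isfile(target):
                record(target)
            elif os.path.isdir(target):
                # .ssh is a directory: every key and config file in it counts.
                for dirpath, _dirs, files in os.walk(target):
                    for fname in sorted(files):
                        record(os.path.join(dirpath, fname))
    return sorted(found)


if __name__ == "__main__":
    for path, size, mtime in exposed_files():
        stamp = time.strftime("%Y-%m-%d", time.localtime(mtime))
        print(f"{stamp}  {size:>8}  {path}")
```

Run it with enough privilege to read every home directory; directories it cannot read are skipped, so an unprivileged run under-reports.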
You need to install updates on your browser at once, because there’s an exploit in it that wants to steal your data and has been turning up on websites and causing havoc.
Firefox will update automatically in time, but to do it manually right now, click on the “hamburger” settings menu on the upper right-hand side and select the question mark icon at the bottom of the drop-down window. If you are running 39.0.3 you’re good to go.