Firefox users: Update Firefox now!
The vulnerability has also been fixed in Firefox ESR 38.1.1.
The Mozilla blog explains the vulnerability, which comes “from the interaction of the mechanism that enforces JavaScript context separation and Firefox’s PDF Viewer”. As such, Mozilla products that do not use the PDF Viewer, such as the version of Firefox for the Android operating system, are not affected by the problem.
Although Veditz did not name the Russian news website, something many readers asked him to do in the comments on his blog post, he detailed what the attackers had targeted. The vulnerability allows an attacker to run potentially malicious JavaScript code in the context of the local computer rather than the safe sandbox of the web browser.
To update Firefox to the latest version, click on the Help menu from the Menu Bar or the Firefox button in the upper left corner.
On Windows the exploit looked for Subversion, s3browser, and FileZilla configuration files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients. The exploit was served in an advertisement on an undisclosed Russian news site, but Veditz said he couldn’t rule out the possibility that other sites also hosted the attack.
The specific exploit found in the wild was only targeting Windows and Linux PCs; however, Veditz warns that Mac users would be vulnerable if the malware had been crafted differently. The flaw allows the exploit to search for and then upload local files, which could be sensitive in nature. “If you use Firefox on Windows or Linux it would be prudent to change any passwords”, he said.
So if you are on any of these three platforms, you must update Firefox immediately (you can finish this story later).
The exploit leaves no trace of having run on the local machine. Firefox users with an Adblock extension may be protected against the exploit, but that depends on which filters they use.