Mozilla Pushing Users To Download The New Security Patch For Protection

The campaign was uncovered by Mozilla security lead Daniel Veditz in a blog post.

Veditz said the vulnerability allows malicious attackers to use some JavaScript magic to “search for and upload potentially sensitive” data from your hard drive to their servers. It’s also very unlikely the attack has seen widespread use at this point, as it was only first discovered on an advertising network in Russian Federation.

Right away, go to Help, then hit “About Firefox”, then press the “Check for Updates” button, to ensure you’ve got the latest version of the browser.

Mozilla reports that the vulnerability is produced by the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer.

Even if you haven’t visited the Russian news site in question, it’s not known whether the ad has been deployed elsewhere.

According to Veditz, the payload searches for subversion, s3browser, Filezilla, and libpurple configuration files on Windows systems; whereas on Linux, the payload looks through global configuration files in /etc/ as well as.bash_history, .mysql_history, .pgsql_history, .ssh files, any text files with “pass” and “access” in the names, and any shell scripts.

The specific exploit found in the wild was only targeting Windows and Linux PCs; however, Veditz warns that Mac users would be vulnerable if the malware had been crafted differently. The company added that the “exploit leaves no trace that it has run on the local machine.”

Additionally, Mozilla notes the fix has been shipped in Firefox ESR 38.1.

The impact on you at home: If you use any of the programs mentioned above, Mozilla advises you to change your passwords and any keys associated with them. Ad-blocking software may also have protected users, depending on the filters being used.