On Wednesday, Mozilla was informed by a Firefox user that an advertisement on a Russian news site was exploiting a previously unknown vulnerability in the browser, Daniel Veditz wrote on the Mozilla Security Blog. The exploit used the vulnerability to search the user’s computer for files that, once found, would be uploaded to a server that appeared to be located in Ukraine.
The exploit, like some other recently found vulnerabilities, involves the PDF format. Specifically, the vulnerability lies in the interaction between the browser’s “same origin policy” and Firefox’s built-in PDF viewer. Veditz notes that browsers that don’t contain the PDF viewer, like Firefox for Android, aren’t vulnerable to the exploit.
While the exploit itself didn’t allow the attacker to run arbitrary code, it did allow the injecting of a JavaScript file that would then run on the targeted system. Surprisingly, the script doesn’t search for personal data, but developer-focused files like configuration files for subversion, s3browser, Filezilla, and eight popular FTP clients. For more details on the exploit, see the full post on the Mozilla Security Blog.
Luckily, Mozilla was quick on the draw, and has already fixed the vulnerability. The fix is available in Firefox 39.0.3, and naturally Mozilla is urging all users to update. The vulnerability has also been fixed in Firefox ESR 38.1.1.
The exploit only targeted Windows and Linux users, but that doesn’t necessarily mean that Mac users have nothing to fear. Veditz writes that ” Mac users are not targeted by this particular exploit but would not be immune should someone create a different payload.”
If you use Firefox on a Windows or Linux machine, Mozilla recommends changing any passwords and security keys for programs targeted by the exploit. Veditz notes that ad-blocking software may have protected some users, but this isn’t a given, so you’re still better off updating Firefox.
