Update Firefox now: major vulnerability could steal your data

A major vulnerability discovered by Mozilla lurking on a Russian news site could steal your files and upload them to a Ukrainian server without you ever knowing.

The flaw exploits Firefox’s PDF viewer and the JavaScript context to inject a script that can search for and upload local files. All you need to do is load the page with the exploit and it’ll silently steal files in the background.

Interestingly, the files it searches for on the local system are mostly developer focused. On Windows, the attack specifically looks for FTP configuration files, subversion, .purple and other account information. On Linux, it looks for global configuration files and user directories.

Mac users aren’t specifically targeted by the attack that was discovered, but wouldn’t be immune if targeted.

All versions of Firefox are affected and Mozilla says that to protect against the exploit you should update to version 39.0.3 right now. Enterprise users can patch to 38.1.1.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s