Firefox Vulnerability Lets Attackers Steal Information; Mozilla Issues Patch

Advertisement
By Manish Singh | Updated: 7 August 2015 20:20 IST
Firefox Vulnerability Lets Attackers Steal Information; Mozilla Issues Patch

Mozilla is warning users about a vulnerability in its Firefox Web browser that could allow attackers to steal information from their computer. The browser-maker urges users to update Firefox to the latest available version -- v39.0.3 or above - to protect their system from the said vulnerability.

While by default Firefox automatically updates itself, those who have the setting off will have to manually update via the 'About Firefox' setting in the Help tab. Earlier this week, the company was notified by security researcher Cody Crews about a malicious ad on a Russian news portal that was exploiting a vulnerability in Firefox's PDF Viewer, a built-in feature. The exploit seeks sensitive files on the victim's computer and uploads it to a suspicious server reportedly located in Ukraine.

Versions of Firefox that don't support PDF Viewer including Firefox for Android client aren't vulnerable to the exploit. Firefox's Mac client is also not affected. "The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the 'same origin policy') and Firefox's PDF Viewer," wrote Mozilla security chief Daniel Veditz.

"The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files."

Advertisement

In the blog post, Veditz also notes that the exploit looks for subversion, s3browser, Firezilla, and libpurple configuration files on the Windows systems. On Linux, the payload checks global configuration files in the /etc directory. It also looks into .bashhistory, .mysqlhistory, .pgsql_history, and .ssh configuration files and keys.

Veditz says that people who use ad-blocking tools might not be affected with the vulnerability either, though it isn't too sure about that. Regardless, you would want to update your Firefox Web browser to the latest version.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Poco F7 Design Spotted in Leaked Renders; Battery Specifications Revealed
  2. Nothing Phone 3 Surfaces on Walmart Website Which Reaffirms Its US Launch
  1. Maryade Prashne Now Streaming on SunNXT: Everything You Need to Know
  2. Good Wife OTT Release: When and Where to Watch Tamil Legal Drama Online?
  3. Android 16 QPR1 Beta 2 Update for Pixel Reportedly Brings New Launch Animation for Gemini Overlay
  4. Jinn - The Pet OTT Release Date: When and Where to Where to Watch Tamil Horror-Comedy Online?
  5. DD Next Level Now Streaming: Know Where to Watch This Tamil Horror-Comedy
  6. Nothing Phone 3 Listed on Walmart Website, Reaffirming Its Launch in the US
  7. OnePlus Pad Lite Design and Key Specifications Leaked, Could Launch Soon
  8. Samsung's Upcoming Running Events Reportedly Hint at Galaxy Z Fold 7, Flip 7 and Watch 8 Series Launch Timeline
  9. Poco F7 Design Spotted in Leaked Renders; Battery Specifications Revealed via Flipkart
  10. Neuralink Device Helps Monkey See Something That’s Not There
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.