Firefox Vulnerability Lets Attackers Steal Information; Mozilla Issues Patch

Advertisement
By Manish Singh | Updated: 7 August 2015 20:20 IST
Firefox Vulnerability Lets Attackers Steal Information; Mozilla Issues Patch

Mozilla is warning users about a vulnerability in its Firefox Web browser that could allow attackers to steal information from their computer. The browser-maker urges users to update Firefox to the latest available version -- v39.0.3 or above - to protect their system from the said vulnerability.

While by default Firefox automatically updates itself, those who have the setting off will have to manually update via the 'About Firefox' setting in the Help tab. Earlier this week, the company was notified by security researcher Cody Crews about a malicious ad on a Russian news portal that was exploiting a vulnerability in Firefox's PDF Viewer, a built-in feature. The exploit seeks sensitive files on the victim's computer and uploads it to a suspicious server reportedly located in Ukraine.

Versions of Firefox that don't support PDF Viewer including Firefox for Android client aren't vulnerable to the exploit. Firefox's Mac client is also not affected. "The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the 'same origin policy') and Firefox's PDF Viewer," wrote Mozilla security chief Daniel Veditz.

"The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files."

Advertisement

In the blog post, Veditz also notes that the exploit looks for subversion, s3browser, Firezilla, and libpurple configuration files on the Windows systems. On Linux, the payload checks global configuration files in the /etc directory. It also looks into .bashhistory, .mysqlhistory, .pgsql_history, and .ssh configuration files and keys.

Veditz says that people who use ad-blocking tools might not be affected with the vulnerability either, though it isn't too sure about that. Regardless, you would want to update your Firefox Web browser to the latest version.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. iPhone 17 Might Offer the Screen Upgrade We've Been Waiting For
  1. Kedarnath Yatra Helicopter Booking Online Scam: Uttarakhand Police STF Reportedly Cracks Down on Cybercriminals
  2. Microsoft's Xbox Handheld Plans Reportedly Shelved; Company to Optimise Windows 11 Gaming Performance
  3. Disney+ Expands Subscriber Perks, Including Movie Premieres
  4. Google, DOJ to Make Final Push in US Search Antitrust Case
  5. Realme GT 7, Realme GT 7T With 7,000mAh Batteries Go on Sale in India: Price, Specifications, Sale Offers
  6. Vivo T4 Ultra Launch in India Teased; Company Hints at Periscope Telephoto Camera With 100x Zoom
  7. Perplexity Labs Launched With Ability to Generate Spreadsheets, Reports and Create Web Apps
  8. Oppo Find N5 Flip Reportedly in Development, Schematics Hint at Updated Design With New Camera Layout
  9. Vivo TWS Air 3 With Spatial Audio, Up to 45-Hour Battery Life Launched: Price, Specifications
  10. iPhone 17 Said to Feature Larger Screen With Long-Awaited Refresh Rate Upgrade
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.