
Serious Exploit Found in Firefox: Mozilla Urges Update

Category: Software
Posted: 11:36AM
Author:

After being contacted by a user on August 5, Mozilla has discovered and already built patches for a rather serious exploit. Before getting to that, if you use Firefox you should probably update to version 39.0.3 or Firefox ESR 38.1.1, depending on your version. To have the browser check for the update you can go to 'Help' -> 'About Firefox' and click the 'Check for updates' button.

The exploit comes from how the mechanism for enforcing JavaScript context separation (the "same origin policy") and Firefox's PDF Viewer interact. (If your Mozilla products do not include the PDF Viewer, like the Android version, you are safe.) The exploit does not allow arbitrary code to be executed, but does inject a JavaScript payload. So far the only observed use of this vulnerability was to transmit potentially sensitive files to a server apparently in Ukraine. Oddly, the attack has a developer focus, as the files being searched for included configuration data for subversion, s3browser, and Filezilla on Windows, while on Linux it went after the configuration files in /etc/passwd as well as .bash_history, .mysql_history, .pgsql_history, and .ssh files and keys. Mac users would not be immune to this vulnerability, but apparently were not targeted.

The exploit does not leave a trace on a machine after it runs, so you may want to reset passwords if you use Firefox for Windows or Linux. Because the exploit was delivered via an ad on a Russian news site, ad-blockers may provide a level of protection, but that is speculative and depends on the blocking software and filters used.
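To scope which credentials to reset on a Linux machine, this added example (not from Mozilla or the original article) lists which of the per-user files named above exist and whether each SSH private key is passphrase-protected. The function names and the header-based protection check are this example's own choices.

```python
import base64
import struct
from pathlib import Path

# Per-user files the article lists as searched for on Linux.
HISTORY_FILES = [".bash_history", ".mysql_history", ".pgsql_history"]
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def key_protection(text):
    """Return 'encrypted', 'unencrypted' or 'unknown' for a private key, None for other files."""
    if "PRIVATE KEY-----" not in text:
        return None
    if "BEGIN OPENSSH PRIVATE KEY" not in text:
        # Legacy PEM carries "Proc-Type: 4,ENCRYPTED"; PKCS#8 uses an ENCRYPTED label.
        return "encrypted" if "ENCRYPTED" in text else "unencrypted"
    body = "".join(s.strip() for s in text.splitlines() if not s.startswith("-----"))
    try:
        raw = base64.b64decode(body)
    except ValueError:
        return "unknown"
    start = len(OPENSSH_MAGIC)
    if not raw.startswith(OPENSSH_MAGIC) or len(raw) < start + 4:
        return "unknown"
    # After the magic comes a length-prefixed cipher name; "none" means no passphrase.
    (length,) = struct.unpack(">I", raw[start:start + 4])
    cipher = raw[start + 4:start + 4 + length]
    if len(cipher) != length:
        return "unknown"
    return "unencrypted" if cipher == b"none" else "encrypted"


def exposure_report(home):
    """List (path, description) for files under `home` that the article names as targets."""
    home = Path(home)
    report = [(str(home / name), "command history")
              for name in HISTORY_FILES if (home / name).is_file()]
    ssh_dir = home / ".ssh"
    if ssh_dir.is_dir():
        for path in sorted(p for p in ssh_dir.iterdir() if p.is_file()):
            state = key_protection(path.read_text(errors="replace"))
            kind = f"private key, {state}" if state else "other ssh file"
            report.append((str(path), kind))
    return report


if __name__ == "__main__":
    for path, kind in exposure_report(Path.home()):
        print(f"{kind:28} {path}")
```

A passphrase on a key does not mean the key file stayed on the machine, so the report is a list of what was within reach, not of what is safe.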

Source: Mozilla Security Blog



ET3D on August 09, 2015 05:55
Thanks for the heads up. Updated.
get_saif on August 09, 2015 12:21

Hmmm... I'd better stick with Chrome; I like the way my Google account syncs... but I see Chrome takes almost 310 MB of disk space on Windows 10.

the11ama on August 13, 2015 06:49
Already using Adblock plus + Ghostery + NoScript. I also don't frequent Russian news sites...
