• Home
  • Apps
  • Apps News
  • Firefox Vulnerability Lets Attackers Steal Information; Mozilla Issues Patch

Firefox Vulnerability Lets Attackers Steal Information; Mozilla Issues Patch

Firefox Vulnerability Lets Attackers Steal Information; Mozilla Issues Patch
Advertisement

Mozilla is warning users about a vulnerability in its Firefox Web browser that could allow attackers to steal information from their computer. The browser-maker urges users to update Firefox to the latest available version -- v39.0.3 or above - to protect their system from the said vulnerability.

While by default Firefox automatically updates itself, those who have the setting off will have to manually update via the 'About Firefox' setting in the Help tab. Earlier this week, the company was notified by security researcher Cody Crews about a malicious ad on a Russian news portal that was exploiting a vulnerability in Firefox's PDF Viewer, a built-in feature. The exploit seeks sensitive files on the victim's computer and uploads it to a suspicious server reportedly located in Ukraine.

Versions of Firefox that don't support PDF Viewer including Firefox for Android client aren't vulnerable to the exploit. Firefox's Mac client is also not affected. "The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the 'same origin policy') and Firefox's PDF Viewer," wrote Mozilla security chief Daniel Veditz.

"The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files."

In the blog post, Veditz also notes that the exploit looks for subversion, s3browser, Firezilla, and libpurple configuration files on the Windows systems. On Linux, the payload checks global configuration files in the /etc directory. It also looks into .bashhistory, .mysqlhistory, .pgsql_history, and .ssh configuration files and keys.

Veditz says that people who use ad-blocking tools might not be affected with the vulnerability either, though it isn't too sure about that. Regardless, you would want to update your Firefox Web browser to the latest version.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Soon, Anyone Can Activate or Deactivate Mobile Internet With a Simple SMS
Google Makes It Harder to Trick Users Into Installing Chrome Extensions
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »