If you use Firefox, you should update now to avoid file stealing exploit

Firefox users should update to 39.0.3 as soon as possible due to a security threat revealed on Thursday.

If you use Firefox, you should update your browser now to patch a flaw in the software that could allow hackers to “search for and upload potentially sensitive” files from your hard drive to their servers.

Mozilla is asking all Firefox users to upgrade to version 39.0.3. Most users have automatic updates turned on; however, it’s important to make sure you’re running the most recent version of Firefox.

The security issue only affects PCs because the flaw relies on an interaction between the browser’s PDF viewer and other features in the browser. Mac and Android users are not affected.

“The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the ‘same origin policy’) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.” — Daniel Veditz, Mozilla

People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used.

The exploit leaves no trace that it has been run on the local machine.

A Firefox user alerted Mozilla after discovering the flaw while browsing on a Russian news website.