This article is more than 1 year old

Update Firefox NOW to foil FILE-STEALING vulnerability exploit, warns Mozilla

Ursi contra vulpes

How did we get here?

Mozilla said that the vuln had been produced by the interaction of the mechanism that enforces JavaScript context separation (the "same origin policy") and Firefox's PDF Viewer.

Mozilla products which don't contain the PDF Viewer, such as Firefox for Android, remain unaffected by the vuln.

Mozilla stated:

The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don’t know where else the malicious ad might have been deployed.

According to Mozilla:

  • On Windows the exploit looked for subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients.
  • On Linux the exploit goes after the usual global configuration files like /etc/passwd, and then in all the user directories it can access it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts.

It's also worth noting that, while Mac users were not targeted by this particular exploit, they would not be immune to the vulnerability should cybercriminals create a different payload.

Mozilla said:

The exploit leaves no trace if it has been run on the local machine. If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs.

People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used.

Long story, short: Firefox fans should update their browser as soon as possible. ®

More about

TIP US OFF

Send us news


Other stories you might like