firebox

Firefox Becomes Vulnerable. Update it now!

Firefox the largest and most popular browser becomes vulnerable. Hackers can steal your data using Firefox. If you are using Firefox 39.0 or older version than it is highly recommended that you must update your browser to latest 39.0.3. Firefox updated a patch with its latest version 39.0.3 to protect user’s data and any possible hacking threat.

If you have set your Firefox to update automatically then you have noticed that your Firefox will update to its latest version automatically. Otherwise, you can upgrade it manually. Make sure that you have backup your data before proceeding to manual update.

According to Firefox, It was notified by security researcher Cody Crews about a malicious ad on a Russian news portal that was exploiting a vulnerability in Firefox’s PDF Viewer, a built-in feature. The exploit seeks sensitive files on the victim’s computer and uploads it to a suspicious server reportedly located in Ukraine.

Versions of Firefox that don’t support PDF Viewer including Firefox for Android client aren’t vulnerable to the exploit. Firefox’s Mac client is also not affected. “The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the ‘same origin policy’) and Firefox’s PDF Viewer,” wrote Mozilla security Chief Daniel Veditz.

“The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.”

In the blog post, Veditz also notes that the exploit looks for subversion, s3browser, Firezilla, and limb purple configuration files on the Windows systems. On Linux, the payload checks global configuration files in the /etc directory. It also looks into .bashhistory, .mysqlhistory, .pgsql_history, and .ssh configuration files and keys.

Veditz says that people who use ad-blocking tools might not be affected by the vulnerability either, though it isn’t too sure about that. Regardless, you would want to update your Firefox Web browser to the latest version.