Firefox has encountered a serious security issue which allows attackers stealing files off your hard drive using some JavaScript-based technique in order to infiltrate your computer through the Firefox browser. In order to solve this, Mozilla has released a security patch which will solve this problem, if you update your Firefox browser without any delay.
Those who use Firefox should waste no time and update their browser to the newest version 39.0.3. Those who are using Firefox Extended Support version like, for example, for business or in schools, should update to 38.1.1. This exploit can harm only PCs as it takes advantage of the way Firefox’s PDF viewer interacts with other parts of the browser. Therefore, Android users can stop worrying as Android version of the browswer will not be affected, as confirmed by Danial Veditz, Mozilla’s security lead.
This issue was brought to Mozilla’s attention by a user who noticed an ad on a Russian news site using an exploit in order to search for sensitive files. Information was then uploaded to a Ukrainian server without the user being aware of it and even leaving no signs of its malicious activity on user’s computer.
According to Veditz, the malware targeted Windows and Linux PCs, even though it is theoretically possible to affect Mac users as well by modifying this malware.
Malware was looking for very specific files on Windows, namely configuration files for some FTP upload programs including Filezilla, S3 Browser, the subversion version control system, PSI Plus and Pidgin chat clients as they are very popular options for encrypted messaging.
If you are using Mozilla Firefox on your home computer, you can be affected if you are using any of the programs listed above. First of all, your should go through all of them and change all keys and passwords related to them. In case you do not have these programs, it is still highly advisable for you to update the browser because other exploits may try to take advantage of this flaw and fish for sensitive files on your computer.
If you want to update your Firefox browser, click on the right upper corner of your browser and then on a question mark on the drop-down window that appears. Then select About Firefox and check for updates. Here you can also see the number of the version presently running on your computer. If it is 39.0.3, your computer is protected against the said exploit.
Ugnius Kiguolis is the founder and editor-in-chief of UGetFix. He is a professional security specialist and malware analyst who has been working in IT industry for over 20 years.
