HomeInternetMozilla Firefox has a vulnerability: your files could be stolen and sent...

Mozilla Firefox has a vulnerability: your files could be stolen and sent to Ukraine

Jumia Black Friday Deals

On 5th August, Mozilla uncovered that an advertisement shown on a Russian news site came with a Firefox exploit that could steal files from a computer and upload it to a server in Ukraine without the owner’s knowledge.

The next day, 6th August, Mozilla released a security update to fix the vulnerability. Judging by the immediate action, the vulnerability must be serious.

And yes, it is quite serious. The flaw exploits Firefox’s PDF viewer and the JavaScript context to insert a script that will search for and upload certain local files on your machine.

And all you have to do on your part is to open a page containing the exploit and your files will get uploaded to a Ukrainian server.

All Firefox users are being urged to have the security update installed. After the install, you will have Firefox version 39.0.3. if you’re an enterprise owner then patch your Firefox to 38.1.1.

Here’s all you need to know about this Mozilla exploit:

In Firefox, there is an interaction between the mechanisms that enforce JavaScript context separation and Firefox’s PDF viewer. The vulnerability is in this very interaction.

So practically Mozilla products not using the PDF viewer are safe: an example being Firefox for Android.

Now in particular the flaw will not allow any code execution, but if enabled the exploit will inject certain JavaScript into the local file context.

This very action will enable it to search and upload sensitive information on your machine.

Now, all files on your machine are not targeted. Interestingly, it is quite varied. Mostly developer based files are searched for.

If the exploit occurs on a Windows computer, it looks for FTP configuration files, subversions, .purple and Psi+ account information and other account info.

On Linux, the exploit is mostly concerned about global configuration files and user directories. Mac users are not targeted, but are still vulnerable. If attacked, there isn’t nothing much to do.

If you fall a victim, you will most probably have no clue about it. Windows and Linux users with Firefox are urged to change passwords and keys found in the file types mentioned above; if you use them.

People using ad blocks are also safe, but safety depends on the software and the specific filters used by that ad-block software.

Currently, the attack isn’t widespread and has been only visible in certain Russian ad networks. But it’s only a matter of time till the exploit goes viral. So update quickly.

Latest articles

Best Valentine’s Day Gifts Ideas

Looking for a great Valentine's Day gift for your loved one? You are in...

Best Web Hosting Services for Small Business in 2024

Your business's online presence is as vital as any physical storefront or office. The...

8 Reasons to Buy the Oppo Reno 11 5G

Are you in the market for a new smartphone? Look no further than the...

10 Key Features of the Tecno Spark 20 Pro Plus

Tecno has introduced the top of the line member of its latest Spark Series....

How to Open OPay Account for Seamless Banking

OPay is a leading mobile banking and payment platform that allows you to make...

SpaceX launches First Starlink Direct to Phone Satellites

SpaceX has announced the launch of its first set of direct to cell satellites...

How to Track a Cheating Spouse

Lacking trust in a relationship can lead to sleepless nights, restlessness, and worry. If...

More like this

Best Web Hosting Services for Small Business in 2024

Your business's online presence is as vital as any physical storefront or office. The...

Why you need Strong Digital Supply Chain Management

Digital transformation is crucial to the survival of any business today. And to truly...

Teraco announces Regional Interconnection with Google Equiano Cable

Teraco, Africa’s largest provider of interconnected data centre platforms, is now an integral connectivity...