Mozilla has urged its users to update their browser to Firefox 39.0.3 as the company recently fixed a critical vulnerability that has been exploited in the wild. The fix has also been shipped in Firefox ESR 38.1.1.
The company wrote in its Security Blog that the vulnerability came from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer.
“Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files,” the post read.
Those files were surprisingly developer focused for an exploit launched on a general audience news site, though of course the company has no idea where else the malicious ad might have been deployed.
According to the blog post, on Windows the exploit looks for s3browser and FileZilla configuration files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients. On Linux, it targets the usual global configuration files such as /etc/passwd, and then, in every user directory it can access, it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for Remmina, FileZilla, and Psi+, text files with “pass” and “access” in their names, and any shell scripts.
“If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs. People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used,” the company added.
The company also confirmed that Mac users are not targeted by this particular exploit, but they would not be immune should someone create a different payload.
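To act on the advice to change passwords and keys, a Linux user first needs to know which of the listed file types exist in their home directory. The script below is an added example, not code from Mozilla or the original post; it reports file names only, never contents, and the directory names used for Remmina, FileZilla and Psi+ as well as the `*.sh` and `*.txt` patterns are assumptions.

```python
import os
from fnmatch import fnmatchcase

# Directory names are assumptions: the article names the programs, not paths.
DIR_RULES = {
    ".ssh": "SSH configuration or key",
    "remmina": "Remmina configuration",
    ".remmina": "Remmina configuration",
    "filezilla": "FileZilla configuration",
    ".filezilla": "FileZilla configuration",
    "psi+": "Psi+ account data",
}
# File-name patterns, matched case-insensitively. Treating "*.sh" as a shell
# script and "*.txt" as a text file is a simplifying assumption.
NAME_RULES = [
    ("history file", (".bash_history", ".mysql_history", ".pgsql_history")),
    ("text file named pass/access", ("*pass*.txt", "*access*.txt")),
    ("shell script", ("*.sh",)),
]

def classify(rel_path):
    """Return the category from the article a file falls under, or None."""
    parts = rel_path.lower().split(os.sep)
    for folder in parts[:-1]:          # any enclosing directory
        if folder in DIR_RULES:
            return DIR_RULES[folder]
    for label, patterns in NAME_RULES:  # otherwise match on the file name
        if any(fnmatchcase(parts[-1], p) for p in patterns):
            return label
    return None

def rotation_checklist(home):
    """List (category, relative path) for files under `home` to review."""
    hits = []
    for root, _dirs, files in os.walk(home, followlinks=False):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), home)
            label = classify(rel)
            if label:
                hits.append((label, rel))
    return sorted(hits)

if __name__ == "__main__":
    for label, rel in rotation_checklist(os.path.expanduser("~")):
        print(f"{label:30} ~/{rel}")
```

Every credential stored in or reachable through a reported file (passwords saved in client configurations, private keys, secrets typed into shell or database history) is a candidate for rotation.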