Update Your Firefox Browser to Fix a Major Browser Vulnerability, Now!
Mozilla Firefox browser users are being urged to update to the latest version of the open-source browser after a major vulnerability was found with the potential to steal sensitive data from user computers. The latest version of the browser is patched and now immune to the vulnerability.
Mozilla Firefox users on Windows and Linux platforms are being advised to update to the latest version of the browser (ver 39.0.3) due to an exploit being discovered in the wild which “searched for sensitive files and uploaded them to a server that appears to be in Ukraine,” Mozilla announced in a blog post.
The Threat of Ad-based Exploits
The first red flag was raised when an advanced Firefox user discovered that an advertisement embedded on a fairly popular Russian news website was siphoning sensitive data using an exploit. The data was quietly uploaded to a remote server in Ukraine, without showing any indication of activity.
“The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don’t know where else the malicious ad might have been deployed,” noted Daniel Veditz, a security researcher at Mozilla.
Significantly, Firefox users may never realize that they were victims of a breach, according to Mozilla, which had advice for those using the browser.
“The exploit leaves no trace it has been run on the local machine,” Mozilla said. “If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs.”
A Critical Security Advisory Issued by Mozilla
Cody Crews, a security researcher working at Mozilla, underlined the significance of the vulnerability by signaling that the impact of the threat was critical, after which Mozilla released a security advisory.
The description of the advisory reads:
“Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim’s computer. Mozilla has received reports that an exploit based on this vulnerability has been found in the wild.”
The affected products include:
- The Firefox browser.
- Firefox ESR (Extended Release Channels “intended for groups who deploy and maintain the desktop environment in large organizations.”)
- Firefox OS. (The official Linux kernel-based operating system already implemented in smartphones, tablets, and smart TVs. The OS is developed by Mozilla and entirely open source.)
The patch was issued soon after, with the fixes applied in Firefox 39.0.3, Firefox ESR 38.1.1 and Firefox OS 2.2.
Updating Your Firefox Browser
Although Firefox updates automatically at periodic intervals, a manual update is strongly recommended. Here’s how to update, quickly:
- Look for the “Hamburger” settings menu on the upper right and select the question-mark icon at the bottom of the window that pops open.
- Now, select ‘About Firefox’ and the browser will instantly look for updates.
- If you’re already on 39.0.3, you’re all set. Otherwise, good job on the proactive manual update to the latest patched version of the browser!
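To check many machines rather than clicking through the About dialog on each, the same version comparison can be scripted. This is an added example, not code from Mozilla or the original article: the function names and the caller-supplied channel label are assumptions, the sample lines are constructed, and the fixed versions are the ones stated above.

```shell
#!/bin/sh
# Added example: compare a Firefox version against the fixed versions the
# article names. ESR has its own, lower fixed version, so it must not be
# judged against the release-channel threshold.
FIXED_RELEASE="39.0.3"   # from the article
FIXED_ESR="38.1.1"       # from the article

# ver_ge A B: succeed if dotted version A >= B (missing fields count as 0).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = x[i] + 0; q = y[i] + 0
            if (p > q) exit 0
            if (p < q) exit 1
        }
        exit 0
    }'
}

# ff_version LINE: pull the version out of `firefox --version` style output,
# e.g. "Mozilla Firefox 39.0.3" -> "39.0.3". Prints nothing if unparseable.
ff_version() {
    printf '%s\n' "$1" | sed -n 's/^Mozilla Firefox \([0-9][0-9.]*\).*/\1/p'
}

# ff_status CHANNEL VERSION: prints patched, needs-update or unknown.
# CHANNEL (release|esr) is supplied by the caller (assumption: the inventory
# knows which channel each machine is on).
ff_status() {
    case $1 in
        release) fixed=$FIXED_RELEASE ;;
        esr)     fixed=$FIXED_ESR ;;
        *)       echo unknown; return 0 ;;
    esac
    if [ -z "$2" ]; then echo unknown
    elif ver_ge "$2" "$fixed"; then echo patched
    else echo needs-update
    fi
}

# Constructed sample input: channel, then the version line reported.
while read -r channel line; do
    printf '%-8s %-26s %s\n' "$channel" "$line" \
        "$(ff_status "$channel" "$(ff_version "$line")")"
done <<'EOF'
release Mozilla Firefox 39.0
release Mozilla Firefox 39.0.3
esr Mozilla Firefox 38.1.0
esr Mozilla Firefox 38.1.1
EOF
```

On a live Linux host, the line to feed in is the output of `firefox --version`.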