Update Firefox ASAP: Mozilla Just Patched a Bug That Allows Data Theft

Firefox users are being urged to update to version 39.0.3 (or 38.1.1 for Enterprise users) following the discovery of a vulnerability that could allow attackers to steal your data without you ever knowing about it.

It all started when a Firefox user notified Mozilla that a malicious ad on a Russian news site was exploiting the vulnerability to sniff out & steal sensitive files from victims’ machines. All the victim had to do was visit a website housing the exploit and BAM – the files are quietly uploaded to a remote server.

The attack appeared to be primarily focused on collecting developer-related data (e.g. FTP configuration files, Subversion, and the like) from Windows & Linux computers. Macs were not targeted; however, that’s not to say they aren’t vulnerable – data could easily be stolen if someone were to create an exploit that included them.

As for the vulnerability being exploited in the attack, Mozilla shared that it stems from the “interaction of the mechanism that enforces JavaScript context separation (the ‘same origin policy’) and Firefox’s PDF Viewer.” That means Android users were left out of the fun, since Firefox for Android lacks the PDF Viewer. Additionally, the company said that ad-blocking software may offer some protection, but that depends on what filters are used.

The bug has been patched, and users who value the security of their data should update to the latest version of Firefox (39.0.3 or ESR 38.1.1) ASAP.

