Mozilla broke the news itself in a blog post yesterday. Security lead Daniel Veditz wrote that a Firefox user informed them of the major issue on August 5. The company has acted quickly to release a patch which users should install as soon as possible.
The exploit was found in action in a malicious advert on a Russian news site. It searches through files stored locally on a visitor’s computer when browsing the site with Firefox. When it finds what it is looking for — typically sensitive developer-oriented files — it subversively uploads them to a server in Ukraine without the computer’s owner ever knowing.
The files that are searched for are relatively uncommon and are created by programs an ordinary computer user may not have installed. They are primarily configuration files for FTP clients used to upload files to websites, as well as the associated account information files, including passwords.
The exploit works through a vulnerability in the way that Firefox’s PDF viewer is implemented. It allows an attacker to run potentially malicious JavaScript code in the context of the local computer rather than the safe sandbox of the web browser.
The issue affects Firefox on Windows and Linux. In the specific case of the advert on the Russian news site, Mac users are safe but “would not be immune” if the exploit was used elsewhere with different injected JavaScript code.
Mozilla says that the exploit “leaves no trace” that it has ever existed on a targeted system. The company advises that users of any of the affected programs — detailed in its blog post — should change their associated passwords and security keys to stay safe.
The case represents yet another example of computers being hijacked through malicious adverts on websites. Mozilla says that users of ad-blocking software “may have been protected” but such incidents are only becoming more common.
A report by Infosecurity Magazine published yesterday found that the number of malicious adverts displayed to computer users has increased by 260 percent in the past year. Firefox users should update to version 39.0.3 or 38.1.1 ESR to ensure they are protected from this latest issue.
