It isn’t at all unusual to hear about a newly unearthed browser vulnerability, but it’s slightly less common to hear at the same time that it’s already been fixed. Firefox users, it’s time to update your browser.
On Wednesday, Mozilla was informed by a Firefox user that an advertisement on a Russian news site was exploiting a previously unknown vulnerability in the browser, Daniel Veditz wrote on the Mozilla Security Blog. The exploit used the vulnerability to search the user’s computer for files that, once found, would be uploaded to a server that appeared to be located in Ukraine.
The exploit, like some other recently found vulnerabilities, involves the PDF format. Specifically, the vulnerability lies in the interaction between the browser’s “same origin policy” and Firefox’s built-in PDF viewer. Veditz notes that browsers that don’t contain the PDF viewer, like
Luckily, Mozilla was quick on the draw, and has already fixed the vulnerability. The fix is available in Firefox 39.0.3, and naturally Mozilla is urging all users to update. The vulnerability has also been fixed in Firefox ESR 38.1.1.
The exploit only targeted Windows and Linux users, but that doesn’t necessarily mean that Mac users have nothing to fear. Veditz writes that “Mac users are not targeted by this particular exploit but would not be immune should someone create a different payload.”
If you use Firefox on a Windows or Linux machine, Mozilla recommends changing any passwords and security keys for programs targeted by the exploit. Veditz notes that ad-blocking software may have protected some users, but this isn’t a given, so you’re still better off updating