Firefox users, update your browser: Mozilla has found and fixed a new vulnerability

It isn’t at all unusual to hear about a newly unearthed browser vulnerability, but it’s slightly less common to hear at the same time that it’s already been fixed. Firefox users, it’s time to update your browser.

On Wednesday, Mozilla was informed by a Firefox user that an advertisement on a Russian news site was exploiting a previously unknown vulnerability in the browser, Daniel Veditz wrote on the Mozilla Security Blog. The exploit used the vulnerability to search the user’s computer for files that, once found, would be uploaded to a server that appeared to be located in Ukraine.

The exploit, like some other recently found vulnerabilities, involves the PDF format. Specifically, the vulnerability lies in the interaction between the browser’s “same origin policy” and Firefox’s built-in PDF viewer. Veditz notes that browsers that don’t contain the PDF viewer, like Firefox for Android, aren’t vulnerable to the exploit.

While the exploit itself didn’t allow the attacker to run arbitrary code, it did allow the injection of a JavaScript file that would then run on the targeted system. Surprisingly, the script doesn’t search for personal data but for developer-focused files, such as configuration files for Subversion, s3browser, FileZilla, and eight popular FTP clients. For more details on the exploit, see the full post on the Mozilla Security Blog.

Luckily, Mozilla was quick on the draw, and has already fixed the vulnerability. The fix is available in Firefox 39.0.3, and naturally Mozilla is urging all users to update. The vulnerability has also been fixed in Firefox ESR 38.1.1.

The exploit only targeted Windows and Linux users, but that doesn’t necessarily mean that Mac users have nothing to fear. Veditz writes that “Mac users are not targeted by this particular exploit but would not be immune should someone create a different payload.”

If you use Firefox on a Windows or Linux machine, Mozilla recommends changing any passwords and security keys for programs targeted by the exploit. Veditz notes that ad-blocking software may have protected some users, but this isn’t a given, so you’re still better off updating Firefox.
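The advice above, applied to a fleet inventory, as an added example that is not code from Mozilla or from this article. The `Install` record, host names and sample versions are constructed, and treating every build below the fixed version as needing the update is an assumption based on Mozilla urging all users to update.

```python
import re
from dataclasses import dataclass

# Fixed versions named in the article.
FIXED = {"release": (39, 0, 3), "esr": (38, 1, 1)}
# Desktop platforms the observed exploit targeted, per the article.
TARGETED_OS = {"windows", "linux"}

@dataclass
class Install:  # hypothetical inventory record
    host: str
    os: str       # "windows", "linux", "macos" or "android"
    channel: str  # "release" or "esr"
    version: str  # e.g. "39.0" or "38.1.0"

def parse_version(text):
    """'39.0' -> (39, 0, 0); suffixes such as 'esr' or 'a1' are ignored."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = [int(p) for p in match.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(install):
    """Return the actions the article's advice implies for one install."""
    os_name = install.os.lower()
    if os_name == "android":
        # No built-in PDF viewer, so the article says it is not vulnerable.
        return {"update": False, "rotate_credentials": False}
    fixed = FIXED.get(install.channel.lower(), FIXED["release"])
    return {
        # Assumption: every build below the fixed version needs the update.
        "update": parse_version(install.version) < fixed,
        # Rotation is advised for Windows/Linux even once patched, because
        # the files may have been read before the update was installed.
        "rotate_credentials": os_name in TARGETED_OS,
    }

# Constructed sample inventory (not real hosts).
INVENTORY = [
    Install("ws-01", "Windows", "release", "39.0"),
    Install("build-02", "linux", "esr", "38.1.1esr"),
    Install("mac-03", "macOS", "release", "38.0.5"),
    Install("phone-04", "android", "release", "39.0"),
]

if __name__ == "__main__":
    for item in INVENTORY:
        print(item.host, triage(item))
```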

Kris Wouk
Former Digital Trends Contributor