› Forums › General › General Discussion › Windows Security › Firefox exploit found in the wild
- This topic has 0 replies, 1 voice, and was last updated 8 years, 8 months ago by hackerman1.
- AuthorPosts
-
- 8th August 2015 at 08:05 #44971
Important information for Firefox-users
“Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine.
The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”), and Firefox’s PDF Viewer.
Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable.
The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context.
This allowed it to search for and upload potentially sensitive local files.”“If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys……”
Read the full story: https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
This a good reason why you should not use the built-in PDF-reader in Firefox.
Use a “real” PDF-reader like fx. PDF-XChange Viewer instead.Note: It´s not recommended to use Adobe Reader because vulnerabilities are regularly found.
- AuthorPosts
- You must be logged in to reply to this topic.