Firefox users at risk; Mozilla recommends users to update after flaw could lead to data theft
SHARE
, / 683 0

Mozilla_Firefox_logo_2013.svgThe official Mozilla Firefox Security Blog unveiled a major security flaw in Firefox that has been discovered through an advertisement in a Russian news site. The bug will allow the malware search for sensitive files in the victim’s computer and will then reportedly upload them to a server hosted in Ukraine. Following the discovery of a file-stealing exploit, Mozilla is urging all Firefox users to update their browser.

Mozilla’s security chief, Daniel Veditz said in a company’s blog that the security flaw in Firefox surfaced from the interface of the system responsible for the separation of JavaScript context and the Firefox PDF reader. The hacker attacks only developer oriented files such as File Transfer Protocol found in Windows, implying that personal files are not hacked although the attack is intimidating. Cody Crews, a security researcher, discovered the exploit and immediately notified it to Mozilla.

The effect of the attack gives the hacker the capacity to elude the Firefox security and install a malicious script that searches for files which stores passwords that are stored in the browser itself and are used in many FTP programs. Moreover, in all accesses that carried the page where the malicious ad was present, the malware did not leave traces, according to Mozilla.

The company has already released its latest version of Firefox, version 39.0.3, on Aug. 5 that has a fix for the security flaw, but users who have not yet received the update notification can do it manually by accessing the official website of Mozilla and safeguard themselves from the major security flaw in Firefox.

It has been discovered that the exploit affects both Windows and Linux operating systems. The exploit has not affected Macs yet but the hackers could also attack the Mac users. So Mozilla is also urging Apple system users to upgrade their system with the latest version of Firefox.

Even users who have not accessed the Russian news site that had the announcement should also upgrade their browsers, because it is not clear if the ad was deployed to other internet sites. People using software that blocks advertisements on the Web may have been safe from the security breach, but that is still dependent on the particular program and filters applied.

The company also made it clear that Firefox for Android and other Mozilla products that do not have an integrated PDF reader will not have the security flaw and cannot be affected by this attack.

Author
Follow Anna Domanska on Twitter, Facebook & Google.

Register today to get full access to:

All articles | Magazine archives | Livestream events | Comments

PASSWORD RESET


Register today to get full access to:

All articles | Magazine archives | Livestream events | Comments

LOGIN