Mozilla patches vulnerability to block ad-based exploit

Mozilla Firefox has released security updates to fix a vulnerability after a user informed it that an advertisement on a news site in Russia was serving a Firefox exploit.

According to a post on its official blog, Mozilla said the exploit that searched for sensitive files & then uploaded them to a server that appeared to be in Ukraine. Mozilla users were urged to update to Firefox 39.0.3. The fix had also been shipped in Firefox ESR 38.1.1.

The post said the vulnerability came from the interaction of the mechanism that enforced JavaScript context separation & Firefox’s PDF Viewer. Mozilla products that did not contain the PDF Viewer, such as Firefox for Android, were not vulnerable. The vulnerability did not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for & upload potentially sensitive local files.

The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news Site, added the post. On Windows the exploit looked for subversion, s3browser, & Filezilla configurations files, .purple & Psi+ account information, & Site configuration files from 8 different popular FTP clients.

On Linux the exploit went after the usual global configuration files like /etc/passwd, & then in all the user directories it can access it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files & keys, among others. Mac users were not targeted by this particular exploit.

The exploit left no trace it had been run on the local machine. Mozilla has urged users to change any passwords & keys found in the above-mentioned files.




•Share This•