Mozilla Firefox has released security updates to fix a vulnerability after a user informed it that an advertisement on a news site in Russia was serving a Firefox exploit.
According to a post on its official blog, Mozilla said the exploit that searched for sensitive files & then uploaded them to a server that appeared to be in Ukraine. Mozilla users were urged to update to Firefox 39.0.3. The fix had also been shipped in Firefox ESR 38.1.1.
The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news Site, added the post. On Windows the exploit looked for subversion, s3browser, & Filezilla configurations files, .purple & Psi+ account information, & Site configuration files from 8 different popular FTP clients.
On Linux the exploit went after the usual global configuration files like /etc/passwd, & then in all the user directories it can access it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files & keys, among others. Mac users were not targeted by this particular exploit.
The exploit left no trace it had been run on the local machine. Mozilla has urged users to change any passwords & keys found in the above-mentioned files.