Firefox Security Flaw Discovered! Users Urged To Update To Latest Version To Close Up Hole!


A Firefox security flaw that could potentially be used to steal files from computers has been discovered, so Firefox users, beware! This much was revealed by Mozilla itself through a blog post published on Thursday.

“A Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine,” the post explained.
“The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the ‘same origin policy’) and Firefox’s PDF Viewer,” Mozilla said.
“Products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable,” the post continued.
According to IGN , this Firefox security flaw only targets developer-focused files on Windows and Linux and that Mac users are currently unaffected by said flaw.
Apparently, downloading the latest version of the Firefox browser can help close up the hole. This latest version, 39.0.3, contains a fix for the security hole and was released on Thursday, the same day the flaw was discovered. All Firefox users are encouraged to upgrade their browsers to this latest version, according to CNET .
Firefox users can update the browsers their using to the upgraded version by clicking on the ‘Help’ menu from the ‘Menu Bar’ or the Firefox button found in the upper left corner of an opened browser. Afterwards, users can click of the setting for ‘About Firefox’.
Browsers that have not been updated will show a button that reads “Update to 39.0.3”, and once clicked on, the browser will automatically update itself to the new and more secure version. A simple restart once update is finished will apply all changes made.
Even those at Mozilla are wondering why such types of files were being targeted.
“The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don’t know where else the malicious ad might have been deployed,” Daniel Veditz, security lead of Mozilla, said in the same blog post.
“The exploit leaves no trace it has been run on the local machine,” he added of this latest Firefox security flaw.

Comments 0

Your email address will not be published.

JapanChina
Choose A Format
Story
Formatted Text with Embeds and Visuals
Image
Photo or GIF