If you use Firefox, you should update now to avoid file stealing exploit

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

If you use Firefox, you should update your browser now to prevent a flaw in the software that could allow hackers to “search for and upload potentially sensitive” from your hard drive to their servers.

Mozilla is asking all Firefox users to upgrade to version 39.0.3. Most users have automatic updates turned on, however it’s important to make sure you’re running the most recent version of Firefox.

The security issue only impacts PCs because the flaw relies on an interaction between the browser’s PDF viewer and other features in the browser. Mac and Android users are not impacted.

“The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.” — Daniel Veditz, Mozilla

People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used.

The exploit leaves no trace it has been run on the local machine.

A Firefox user alerted Mozilla after discovering the flaw while browsing on a Russian news website.

See a mistake? Report a typo here.

Latest News

More News

National News

More National

Washington D.C.

More Washington DC Bureau

Your Local Election HQ

More Your Local Election HQ

Don't Miss

Latest News

More News


KFOR Podcasts

More Podcasts

Follow @KFOR on Twitter