Shellsec

Fuld version: Tekr - Firefox Exploit Found in The Wild
Du ser lige nu en skrabet udgave af vores indhold. Se den fulde version med ordentlig formatering.
Tekr Skrev:A major vulnerability discovered by Mozilla lurking in an advertisement shown by a Russian news site could steal your files and upload them to a Ukrainian server without you ever knowing. The flaw exploits Firefox’s PDF viewer and the JavaScript context to inject a script that can search for and upload local files. All you need to do is load the page with the exploit and it’ll silently steal files in the background.

Lets just start off by saying that this vulnerability was fixed in the latest version of Mozilla Firefox. If you have updated recently you’re safe. But if you haven’t, you should asap.

As said in the introduction, this vulnerability has to do with Firefox’s PDF viewer. The vulnerability comes from the interaction of Firefox’s mechanism to enforce JavaScript. Mozilla products that don’t contain the PDF viewer, such as the Android Firefox Browser, are not vulnerable to this exploit. The vulnerability does not include any execution of arbitrary code, but it was able to inject JavaScript into the local file context. Which allowed it to upload potentially sensitive local data files.

Surprisingly most of the files it searches for are developer type files. Such as Windows FTP configuration files, subversion, .purple and account information. On Linux the exploit goes for more global files, such as /etc/password then in all user directories it searches for files such as .bash_history .mysql_history .pgsql_history .ssh, configuration files for remina, and other keys. Mac users aren’t specifically targeted by these attacks, but it was found they are still vulnerable.

The exploit is theoretically impossible to trace as it is ran on the local machine. But the good news is the attack doesn’t seem to be widespread right now, and has only been found on a Russian ad network. If you use Firefox on Windows or Linux we would suggest changing your keys and passwords for the files mentioned above. Firefox users who use adblocking software should be safe from this as it will block the ads trying to exploit this vulnerability, but you should still update just to be safe.

All versions of Firefox are affected and Mozilla says that to protect against the exploit you should update to version 39.0.3 right now. Enterprise users can patch to 38.1.1.
http://tekr.net/firefox-exploit-found-in-the-wild/
Og det er så derfor Google har aftale med Adobe om deres PDF reader i Chrome ;)
(10-08-2015, 19:49)Ash Skrev: [ -> ]Og det er så derfor Google har aftale med Adobe om deres PDF reader i Chrome ;)

Nu er det jo ikke fordi Adobe Reaser er specielt sikker heller :)
(10-08-2015, 22:59)Doctor Blue Skrev: [ -> ]Nu er det jo ikke fordi Adobe Reaser er specielt sikker heller :)

Adobe Reader nope.. Chrome's Adobe Reader yes!
http://paste.ubuntu.com/12030863/

Det ville da have været oplagt at søge efter f. eks. wallet.dat og lignende.
(10-08-2015, 23:31)MalcolmXI Skrev: [ -> ]http://paste.ubuntu.com/12030863/

Det ville da have været oplagt at søge efter f. eks. wallet.dat og lignende.

Ja det skulle man mene. Der findes vel snart ikke noget malware der ikke gør det.
(11-08-2015, 09:52)idkfa Skrev: [ -> ]Chrome kommer med pdfium som default built-in PDF reader. Og den er bestemt ikke udviklet af Adobe. Den er et samarbejde mellem Google og Foxit teamet. Kan du uddybe hvad du mener?

Ah, det kan godt være de har skiftet. Jeg ved i hvert fald den var powered by Adobe engang.
Ash got rekt. RIP.
(11-08-2015, 14:45)Malmoc Skrev: [ -> ]Ash got rekt. RIP.

Det kan også være jeg bare har haft en Adobe PDF reader plugin, men jeg er sikker på de har haft en aftale med Adobe.. Men det er nok længe siden, fordi der har stået powered by Adobe (eller noget i den stil) før.