10-08-2015, 17:14
Tekr Skrev:A major vulnerability discovered by Mozilla lurking in an advertisement shown by a Russian news site could steal your files and upload them to a Ukrainian server without you ever knowing. The flaw exploits Firefox’s PDF viewer and the JavaScript context to inject a script that can search for and upload local files. All you need to do is load the page with the exploit and it’ll silently steal files in the background.http://tekr.net/firefox-exploit-found-in-the-wild/
Lets just start off by saying that this vulnerability was fixed in the latest version of Mozilla Firefox. If you have updated recently you’re safe. But if you haven’t, you should asap.
As said in the introduction, this vulnerability has to do with Firefox’s PDF viewer. The vulnerability comes from the interaction of Firefox’s mechanism to enforce JavaScript. Mozilla products that don’t contain the PDF viewer, such as the Android Firefox Browser, are not vulnerable to this exploit. The vulnerability does not include any execution of arbitrary code, but it was able to inject JavaScript into the local file context. Which allowed it to upload potentially sensitive local data files.
Surprisingly most of the files it searches for are developer type files. Such as Windows FTP configuration files, subversion, .purple and account information. On Linux the exploit goes for more global files, such as /etc/password then in all user directories it searches for files such as .bash_history .mysql_history .pgsql_history .ssh, configuration files for remina, and other keys. Mac users aren’t specifically targeted by these attacks, but it was found they are still vulnerable.
The exploit is theoretically impossible to trace as it is ran on the local machine. But the good news is the attack doesn’t seem to be widespread right now, and has only been found on a Russian ad network. If you use Firefox on Windows or Linux we would suggest changing your keys and passwords for the files mentioned above. Firefox users who use adblocking software should be safe from this as it will block the ads trying to exploit this vulnerability, but you should still update just to be safe.
All versions of Firefox are affected and Mozilla says that to protect against the exploit you should update to version 39.0.3 right now. Enterprise users can patch to 38.1.1.