Zero-Day Attack Found In Firefox
-
Created: Monday, 21 September 2015 16:27
Several days ago, I stumbled across an article that mentioned there was an exploit found in Firefox. This concerned me because I, along with millions of others, use Firefox almost exclusively. If you are a Firefox user, please make sure that you are running the latest version. The root of this issue is with JavaScript and its interaction with Firefox's PDF viewer. It was mentioned in the Mozilla Security Blog that this vulnerability does not execute code, but has the ability to inject JavaScript code into a PDF and allow it to upload sensitive local files. This exploit leaves no trace it has been run on the local machine and seems to target specific files on Windows, Linux, and MAC systems. Firefox version 39.0.3 is an update in response to this exploit; users should make sure they are at least at this version.
References
Goodin, D. (2015, 8 7). 0-day attack on Firefox users stole password and key data: Patch now! Retrieved 8 8, 2015, from ARS Technica: http://arstechnica.com/security/2015/08/0-day-attack-on-firefox-users-stole-password-and-key-data-patch-now/
Veditz, D. (2015, 8 5). Firefox exploit found in the wild. Retrieved 8 8, 2015, from Mozilla Security Blog: arstechnica.com/security/2015/08/0-day-attack-on-firefox-users-stole-password-and-key-data-patch-now/
