Heads up, Firefox users — Mozilla is urging you to update your browser post-haste, after a rogue advertisement on a Russian news site was found to be exploiting a vulnerability that compromised Firefox users’ local files.

“The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the ‘same origin policy’) and Firefox’s PDF Viewer,” explained Mozilla’s security head, Daniel Veditz, in a blog post.

In effect, the attacker was able to circumvent Firefox’s security and inject a malicious script that searched for key files on a user’s machine and then uploaded them to a remote server, thought to be located in Ukraine. This would have applied to anyone loading the page with the exploit on it — and the exploit left no trace, according to Mozilla.

The issue was reported on Wednesday, August 5, with a security update issued yesterday. While Mozilla says only Windows and Linux users were apparently targeted, the malware could easily be adapted for Mac users too — so everyone is encouraged to update to the latest version.

Even if you haven’t visited the Russian news site in question, it’s not known whether the ad has been deployed elsewhere. Firefox for Android, and other Mozilla products that don’t sport the built-in PDF Viewer, are not affected.

While ad-blocking is still frowned upon by many, this latest incident could provide people with added justification for using ad-blocking software on their computers.

VentureBeat
