On Thursday, Mozilla revealed a vulnerability in its browser
that was discovered by a Firefox user. An ad on an unnamed news site in
Russia was able to tap into the vulnerability to upload certain files
from a user's computer to a server apparently based in the Ukraine.
Exploiting Firefox's PDF Viewer and its use of the widespread JavaScript
code, the hack seems to capture only "developer focused" files -- think
FTP (file transfer protocol) -- at least in Windows. Your personal
files and data aren't caught in the attack, but the hack is still
alarming.
Has the world grown weary of security hacks and exploits at this point?
Each day, those who browse the Web or use Windows or Adobe Flash or
numerous other products seem to face yet another security worry. Even
the Mac OS, which has long held a reputation as being secure, isn't immune.
Software is imperfect, and hackers are always going to find a way to
exploit certain weaknesses. So what do we do? Protect our computers with
security software. Be careful of where we go and what we do on the
Internet. Hope that vendors quickly find and fix the vulnerabilities.
And Mozilla had done just that.
To update Firefox to the latest version, click on the Help menu from the
Menu Bar or the Firefox button in the upper left corner. Then click on
the setting for About Firefox. If you don't already have the latest
version, you should see a button that reads "Update to 39.0.3." Click on
that button, and Firefox will automatically update itself to the new,
secure version, and then prompt you to restart it.
The vulnerability affects both Windows and Linux. It does not affect the Firefox mobile app for Android, as that program does not contain the PDF Viewer. It has not affected Macs as of yet, but
Mozilla said that Apple's OS X would not be impregnable if someone were to target it. People who use software that blocks ads on the Web may have been protected from the security flaw, but that depends on the specific program and filters in place.
Mozilla expressed surprise at the types of files that were targeted.
"The files it was looking for were surprisingly developer focused for an
exploit launched on a general audience news site, though of course we
don't know where else the malicious ad might have been deployed,"
Mozilla security lead Daniel Veditz said in Thursday's security blog.
Veditz added this sobering thought: "The exploit leaves no trace it has been run on the local machine."