Mozilla got word this Wednesday that a severe Firefox 0day vulnerability was being exploited by an ad on a Russian website. Although the company was swift in delivering a fix, they are now urging users to check that they are running version 39.0.3 or later to prevent hackers from gaining access to their sensitive data.
It looks like the vulnerability affected a non-privileged part of Firefox’s built-in PDF viewer, where hackers were able to inject JavaScript files. Since they are in the same origin policy as the local browser, hackers could then have the script search and upload data to a server located in Ukraine, as sources indicate.
Security specialists found that the exploit mainly targeted developer-focused content, though it was released to the general audience. However, the attack seems pretty neat because you can have a large number of audience on the website, but have data transferred from browsers with significant relevance. The guys looking into the hack found that it did not leave traces of it behind, which means that even experienced users may be unaware if they have been the victim of a hack or not.
Though the hack affected only Windows and Linux systems, Mac users should also be on guard, since the hack can also be modified to target Macintosh OS’ too.
Thank you Sci-Tech Today for providing us with this information
Image courtesy of Wikimedia
