Mozilla has warned of a new exploit on its Firefox browser exploit that can steal your sensitive files, uploads them to a server in Ukraine and leave no evidence. It was first discovered coming from an advertisement on a Russian general news site.
According to a Mozilla blog post, the vulnerability is tied to how the browser interacts with its PDF Viewer. Versions of Firefox that don’t have PFD viewer, such as the browser on Android, will not be affected.
The company has seen this exploit affect the Windows, Linux and even Mac operating systems. What is alarming about this vulnerability is you can’t even tell if the exploit was every on a computer so you’d never know if it was uploading files from the affected machine to a server abroad. According to Mozilla, the malicious code that is injected to a user’s computer appears to target files that are specific to developers:
“On Windows the exploit looked for subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients. On Linux the exploit goes after the usual global configuration files like /etc/passwd, and then in all the user directories it can access it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts.”
If you use any of the aforementioned file types above, you might want to change any passwords and keys that you have for them.
Mozilla recommends Firefox users to update to the latest version of the browser as the company has released a security fix for this exploit. Instructions can be found on Mozilla’s support page.
[Via Mozilla blog post]