Major Vulnerability Found In Firefox, Latest Browser Version Fixes It

This week, Mozilla was notified by a user that a Firefox vulnerability in the browser's PDF reading functionality, which converts PDF files into Javascript documents, was being actively exploited in Russia. Mozilla is now urging all Firefox users to upgrade to Firefox 39.0.3 or Firefox ESR 38.1.1.

The malware that took advantage of the bug in Firefox's Javascript-based PDF reader was being deployed through ads that appeared on a Russian news site. The malware would search for sensitive files on people's PCs and then upload them to a server in Ukraine.

As the vulnerability only affects Firefox's PDF.js reader, that means only the desktop version of Firefox is affected by it, but not the Android version. According to Mozilla, the vulnerability doesn't enable the execution of arbitrary code, but the exploit was able to inject a Javascript payload into the local file context that allowed it to search for local files.

The somewhat good news here is that the exploit seems to have targeted mainly developers, despite being deployed on a major Russian news site. For instance, on Windows it looked for the configuration files of various FTP clients, including Filezilla. On Linux, it targeted configuration files such as /etc/passwd, .bash_history, .mysql_history, .pgsql_history, and .ssh. Mac users were not targeted by this exploit, but they would not be immune to a different payload utilizing the same Firefox vulnerability.

The exploit leaves no trace that it has been run on a user's local machine, making it difficult to detect. Mozilla recommended users to change all the passwords and keys for the mentioned files and programs. The company also said that users of adblock programs may have been protected, depending on their enabled ad-blocking filters. 

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • surphninja
    Score another security win for Adblock.
    Reply
  • targetdrone
    Think of the horror if a FireFox or Chrome update were tied to a hardware manufacture and ISP.
    Reply
  • mr grim
    "Mozilla is now urging all Firefox users to upgrade to Firefox 39.0.3 or Firefox ESR 38.1.1."

    Well what I find more concerning is that I was not even offered this update, it was done automatically without me knowing, I only noticed because my custom icon reset to the default one.
    Reply
  • hr_sto
    If you ran ff as a different user in linux, it wouldn't have been able to read the passwd file, right?
    Reply
  • jerm1027
    Well, it's a good thing I use script-blocking extensions, not that I visit that many Russian News sites. At this point, ads are less of an annoyance and more of a security risk - not only do I want to block them, I'm obligated to to keep my computer safe.
    Reply
  • phatboe
    Is there anything of value in the /etc/passwd file on modern *nix systems? It's not any password info is located on there so why target that file?
    Reply
  • grumpigeek
    I never liked the Firefox PDF reader, so I always set Adobe Reader as the default PDF handler.

    Reply
  • PC newb 09
    FF has sucked since V4. Edge blows it away. FF can't even handle 1080p streaming video let alone 4K. Edge streams 4K video flawlessly. Don't even talk about Flash. Open the same 4 websites on FF... 800meg of memory... Edge? 201... I left FF behind years ago.
    ff on my pc streams 4k video flawlessly lol get a new setup
    Reply
  • Puiucs
    I never liked the Firefox PDF reader, so I always set Adobe Reader as the default PDF handler.
    i'm sorry, but if you are using Adobe Reader then you should probably not announce it publicly. People will only point their finger at you and langh. It's the slowest, bloated and most insecure reader on the market and it has been so for many years.
    Reply
  • hoover1979
    Thank Christ I use Adblock Plus. No annoying ads and browser protection to boot! Pheeeeeeew!
    Reply