Mozilla Issues Security Update for Firefox Exploit
On August 6, Mozilla released a security update to address a vulnerability uncovered by a Firefox user. The user discovered an ad on a Russian website was using a Firefox exploit that scanned for sensitive files, then sent them to a server in the Ukraine. Mozilla promptly released a fix for the vulnerability, advising all users to update to Firefox 39.0.3.
The exploit worked by putting a JavaScript payload in the local file context, enabling it to look for sensitive files. The targeted files were developer-focused, and differed according to OS. On Linux the exploit targeted several areas:
- global configuration files such as etc/passwd
- searches all user directories for .bash_history, .mysql_history, .pgsql_history
- .ssh files and keys
- configuration files for remina, Filezilla
- Psi+ text files with “pass” and “acces” in the filename.
- Shell scripts
On Windows it searched for different items:
- subversion
- s3browser
- Filezilla configuration files
- .purple and Psi+ account information
- site configuration files from 8 popular FTP clients
Mac users don’t appear to be targeted by the vulnerability so far, and users who employ ad-blocking software may be protected from it, as well. If you use Firefox (especially in Windows or Linux), it would be safest to change all your passwords or keys in the above files as soon as possible.