Sensitive Files On Mozilla Firefox May Be Vulnerable

Ahmed Bilal
Posted 1 year ago

Security researcher, Cody crews, reported and showed that a policy had been violated during the built-in process of Firefox PDF Viewer due to which sensitive files can easily be read and stolen by hackers, at least it made it more viable than ever before. It was publicly revealed on a Russian news website which explained the vulnerability of a local file system. In android this PDF viewer is not so vulnerable because there are certain versions of browsers which do not have PDF viewer installed in them. The users of Firefox were urged to update to Firefox 39.0.3, however Firefox Enterprise users can patch to 38.1.1.

Update as soon as possible!

mozilla firefox


“The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the ‘same origin policy’) and Firefox’s PDF Viewer,” wrote Mozilla security lead Daniel Veditz in a blog post.

“The vulnerability does not enable the execution of arbitrary code, but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.”

The internet users who use ad-blocking software are safe from this exploit but it depends on the particular software they use for filters.  It will not exploit the Mac users but according to Veditz another payload could apply the same susceptibility.


“The exploit leaves no trace it has been run on the local machine,” said Veditz. “If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs.”

This specific malware is planned to find S3 Browser, Apache Subversion, and Filezilla configuration files; website configuration files for eight popular FTP clients; and .purple and Psi+ Jabber account information on Windows systems.Whereas on Linux, the exploit steals configuration files such as /etc/passwd; .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys; shell scripts; configuration files for Filezilla, Remmina, and Psi+; and text files which cover the sequence “access” and “pass.” The taken information is uploaded to a server located in Ukraine.

Mozilla was forced to release update to Firefox 39 due to the number of vulnerabilities they were facing. According to Mozilla these bugs could not be easily bugged by the users. The company explains that this is one astonishing malware which is designed for targeting files related to developers which are considered to be served for news websites and it is expected to be deployed on various other websites as well.

Share on Facebook Share on Twitter Share on Reddit