Firefox Bug Secretly Uploads Your Files to an External Server – Update it Right Away!
An exploit discovered in Firefox web browser could potentially upload your local files to a server appearing to be located in Ukraine, according to Mozilla.
In a blogpost published on Thursday, Mozilla strongly recommended users to update the browser to Firefox ESR (Extended Support Release) 38.1.1. Mozilla's head of security Daniel Veditz talked about the discovery of a malicious exploit embedded in an advertisement on a Russian news site. This exploit could search through a user's personal local files and upload them to an external server. User would never know about it as all the traces of it are removed after the payload is executed. This latest vulnerability relied on Firefox's integrated PDF reader making the versions not using this feature safe from the exploit, including the Android version of the browser.
Technical details of the Firefox exploit:
On Windows the exploit looked for subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients. On Linux the exploit goes after the usual global configuration files like /etc/passwd, and then in all the user directories it can access it looks for.bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts. Mac users are not targeted by this particular exploit but would not be immune should someone create a different payload.
Firefox vulnerability affects Windows and Linux users but Mac users "would not be immune" to it too, warned Veditz in the blog post. However, this particular exploit does not target Mac users so they are safe - for now.
He also added that the users having ad-blocking software enabled may have remained unaffected depending on the filters used. In any case, it is highly recommended to update Firefox to the Firefox 39.0.3 or Firefox ESR (Extended Support Release) 38.1.1 versions. Additionally, Veditz also recommended to change the passwords and keys on Windows and Linux browser versions "if you use the associated programs."