Mozilla has released Firefox 39.0.3 that fixes a vulnerability in PDF Viewer and allows to upload potentially sensitive local files.
A new flaw has now been found in Mozilla’s Firefox Web browser that allows hackers to steal files from a user’s PC by using misleading and dodgy ads. Moreover, the vulnerability affects a user’s computer without even leaving a trace behind the hack. Hence, Mozilla is now urging its users to upgrade their Firefox browsers to the latest version to stay protected from such attacks that could be potentially damaging.
In a blog post by Mozilla security lead Daniel Veditz, he announced that an advertisement which apparently comes from Russian news site, was serving as a decoy which could allow a code to be run on a user’s PC to look up for files, which were then linked back to a server in Ukraine where files were being finally uploaded. He further said that the motive behind the attack is still unclear as the hackers use rather advanced evasion techniques hence cannot be traced.
Windows and Linux users are primarily affected by the hack, as Apple’s Mac OS wasn’t specifically the target owing to its smaller user base. However, Mozilla did mention that Mac users should take appropriate measures as the hacker can by bypass their systems as well using the same vulnerability.
The vulnerability, however, is only limited to the web version of Firefox’s PDF viewer. Hence users with Firefox on their mobiles won’t be affected by the hack as it lacks a PDF viewer, Mozilla adds. The company is now advising its users to take immediate action by upgrading to the latest version of Firefox on Windows and Linux – specifically versions 39.0.3 for PCs and Firefox ESR 38.1.1 for business, as they these have been updated with a patch to combat the vulnerability.
In addition, the company is also advising users to change their passwords and keys for files that may have been potentially affected by the hack, as they might have no clue that their personal data might actually have been stolen. The exact number of websites affected by the hack still remain unknown, though security experts suggest its impact could be potentially dangerous. It could have a wider reach as Firefox is listed as the third most popular web browser in the world analytics firm StarCouter, with a browser market share of 16 percent.